create spring boot 2.7 'mvn spring-boot:build-image' with podman on macOS failed - spring-boot

I tried to create an image with mvn spring-boot:build-image using podman but got:
[INFO] --- spring-boot-maven-plugin:2.7.0:build-image (default-cli) @ sample-spring-service ---
[INFO] Building image 'docker.io/library/sample-spring-service:1.0.0-SNAPSHOT'
[INFO]
[INFO] > Pulling builder image 'docker.io/paketobuildpacks/builder:base' 100%
[INFO] > Pulled builder image 'docker.io/paketobuildpacks/builder@sha256:94e65320ba1682bc68cbbf1d4f63693bb62cc06c7077bfa3e3bccac7fdc10628'
[INFO] > Pulling run image 'docker.io/paketobuildpacks/run:base-cnb' 100%
[INFO] > Pulled run image 'docker.io/paketobuildpacks/run@sha256:3e889016680c0e2ef1e8b1bfdad2d6d34966c860a53ccfcfb3e269d48ed65fed'
[INFO] > Executing lifecycle version v0.14.1
[INFO] > Using build cache volume 'pack-cache-744ddec35876.build'
[INFO]
[INFO] > Running creator
[INFO] [creator] ERROR: initializing analyzer: getting previous image: Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Get "http://%2Fvar%2Frun%2Fdocker.sock/v1.24/info": dial unix /var/run/docker.sock: connect: permission denied
podman info:
host:
  arch: amd64
  buildahVersion: 1.26.1
  cgroupControllers:
...
version:
  APIVersion: 4.1.0
  Built: 1651853754
  BuiltTime: Fri May 6 18:15:54 2022
  GitCommit: ""
  GoVersion: go1.18
  Os: linux
  OsArch: linux/amd64
  Version: 4.1.0
I already tried a lot. Set permissions on socket, run podman with root. The same with docker is working well.
podman create alpine ls works fine.
In my pom.xml I tried:
<plugin>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-maven-plugin</artifactId>
    <configuration>
        <docker>
            <!-- <host>unix:///Users/mike/.local/share/containers/podman/machine/podman-machine-default/podman.sock</host>
            <host>unix:///run/user/1000/podman/podman.sock</host>
            -->
            <bindHostToBuilder>true</bindHostToBuilder>
        </docker>
    </configuration>
</plugin>
Any idea?
Update:
If I enable this line in pom.xml:
unix:///run/user/1000/podman/podman.sock
I get:
[INFO] --- spring-boot-maven-plugin:2.7.0:build-image (default-cli) @ sample-spring-service ---
[INFO] Building image 'docker.io/library/sample-spring-service:1.0.0-SNAPSHOT'
[INFO]
[INFO] I/O exception (java.io.IOException) caught when processing request to {}->docker://localhost:2376: com.sun.jna.LastErrorException: [2] No such file or directory
[INFO] Retrying request to {}->docker://localhost:2376
[INFO] I/O exception (java.io.IOException) caught when processing request to {}->docker://localhost:2376: com.sun.jna.LastErrorException: [2] No such file or directory
[INFO] Retrying request to {}->docker://localhost:2376
[INFO] I/O exception (java.io.IOException) caught when processing request to {}->docker://localhost:2376: com.sun.jna.LastErrorException: [2] No such file or directory
[INFO] Retrying request to {}->docker://localhost:2376
[INFO] > Pulling builder image 'docker.io/paketobuildpacks/builder:base' 100%

For anyone who runs into a similar issue with Spring Boot build-image, for example when using remote Docker hosts.
From what I understand:
The pull is done using your Docker parameters in pom.xml or environment variables like DOCKER_HOST.
Once the pull has been completed, creator will start a new container and run the next commands in this new container.
The connection to Docker in the new container might not work, as the DOCKER_HOST might need to be different for access to Docker within a new container. Within the "creator" container, /var/run/docker.sock is automatically mounted from the host system.
If you enable bindHostToBuilder, it'll pass the DOCKER_HOST (or the parameter in pom.xml) to the new container, but that might not be the correct Docker hostname that is accessible from within the new container.
For me the solution was to not use bindHostToBuilder, but to ensure that /var/run/docker.sock exists on the host system so that it can be mapped within the "creator" container, even though the pull happens with a different DOCKER_HOST (a remote Docker).
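
The endpoint resolution described in this answer, as an added shell example that is not part of the original posts: it works out which daemon endpoint the plugin and the "creator" container are each given and checks it from the machine running Maven. The function names, the precedence of the pom.xml host over DOCKER_HOST, and treating port 2375 as plaintext are assumptions.

```shell
#!/bin/sh
# Added example, not from the original posts. Models the behaviour described in
# the answer above; the precedence of pom.xml over DOCKER_HOST is an assumption.

# Endpoint the Maven plugin uses for pulls and API calls.
# $1 = <docker><host> from pom.xml (may be empty), $2 = DOCKER_HOST (may be empty)
plugin_endpoint() {
    if [ -n "$1" ]; then printf '%s\n' "$1"
    elif [ -n "$2" ]; then printf '%s\n' "$2"
    else printf '%s\n' "unix:///var/run/docker.sock"
    fi
}

# Endpoint the "creator" container is given.
# $1 = result of plugin_endpoint, $2 = bindHostToBuilder (true|false)
creator_endpoint() {
    if [ "$2" = "true" ]; then printf '%s\n' "$1"
    else printf '%s\n' "unix:///var/run/docker.sock"
    fi
}

# Check an endpoint as seen from the machine running Maven.
# Returns 0 ok, 2 missing, 3 not a socket, 4 no read/write access,
# 5 plaintext TCP (port 2375, a convention-based heuristic), 6 unsupported scheme.
check_endpoint() {
    case "$1" in
        unix://*)
            path=${1#unix://}
            [ -e "$path" ] || { echo "missing: $path"; return 2; }
            [ -S "$path" ] || { echo "not a socket: $path"; return 3; }
            { [ -r "$path" ] && [ -w "$path" ]; } || { echo "no access: $path"; return 4; }
            echo "ok: $path" ;;
        tcp://*:2375)
            echo "plaintext tcp: $1"; return 5 ;;
        tcp://*)
            echo "remote: $1" ;;
        *)
            echo "unsupported: $1"; return 6 ;;
    esac
}

# Demo with the host value from the question. It is a Linux-side path; on a
# macOS host it is normally missing, matching the "No such file or directory"
# error in the update.
if [ "${1:-}" = "--demo" ]; then
    ep=$(plugin_endpoint "unix:///run/user/1000/podman/podman.sock" "${DOCKER_HOST:-}")
    check_endpoint "$ep" || true
    check_endpoint "$(creator_endpoint "$ep" false)" || true
fi
```

The check runs on the host only; the user inside the creator container can still be denied access to a socket that the host user can open.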

Related

Building a Spring Native application on my Docker Image

I am building my spring boot native application on an alpine (openjdk:13-alpine) docker image.
./mvnw spring-boot:build-image -DskipTests
When doing this I got an error :
[INFO] Building image 'docker.io/library/bff-distributor:0.0.1-SNAPSHOT'
[INFO]
[INFO] I/O exception (java.io.IOException) caught when processing request to {}->docker://localhost:2376: com.sun.jna.LastErrorException: [2] No such file or directory
[INFO] Retrying request to {}->docker://localhost:2376
[INFO] I/O exception (java.io.IOException) caught when processing request to {}->docker://localhost:2376: com.sun.jna.LastErrorException: [2] No such file or directory
[INFO] Retrying request to {}->docker://localhost:2376
[INFO] I/O exception (java.io.IOException) caught when processing request to {}->docker://localhost:2376: com.sun.jna.LastErrorException: [2] No such file or directory
[INFO] Retrying request to {}->docker://localhost:2376
[INFO] > Pulling builder image 'docker.io/paketobuildpacks/builder:tiny' 100%
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 01:54 min
[INFO] Finished at: 2021-04-16T15:26:34Z
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.springframework.boot:spring-boot-maven-plugin:2.4.4:build-image (default-cli) on project bff-distributor: Execution default-cli of goal org.springframework.boot:spring-boot-maven-plugin:2.4.4:build-image failed: Connection to the Docker daemon at 'localhost' failed with error "[2] No such file or directory"; ensure the Docker daemon is running and accessible: com.sun.jna.LastErrorException: [2] No such file or directory -> [Help 1]
My gitlab.ci configuration
build:
  image: openjdk:13-alpine
  stage: build
  script:
    - chmod 755 ./mvnw
    - ./mvnw spring-boot:build-image -DskipTests
For information: I need it to be running on a docker image as the build is part of my gitlab ci/cd stage.
As the link provided by Scott says, you should use Docker in Docker to do what you want.
So, replace the openjdk image by the docker image (https://hub.docker.com/_/docker) and activate the dind service.
As you need Java for the Maven execution, you can simply install jdk in the "before_script" section.
Here is my gitlab-ci script for the same kind of project :
variables:
  DOCKER_HOST: tcp://docker:2375
  DOCKER_TLS_CERTDIR: ""
image: docker:20.10.8-dind-alpine3.13
services:
  - docker:20.10.8-dind
stage: build_push
before_script:
  - apk add --update openjdk11
script:
  - chmod 755 ./mvnw
  - ./mvnw spring-boot:build-image

Building docker image with spring boot 2.4.1 fails with "Missing 'io.buildpacks.stack.id' stack label" when behind a firewall

I'm trying to build a docker image with ./mvnw -DskipTests spring-boot:build-image using spring boot 2.4.1 and java 11 (openjdk version "11.0.9" 2020-10-20 LTS) on RHEL7.
I do this on a host behind a strict firewall so I have to fetch the build- and runimage from a private repo. I have configured the spring-boot-maven-plugin to use this repo:
<plugin>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-maven-plugin</artifactId>
    <configuration>
        <docker>
            <builderRegistry>
                <username>my-username</username>
                <password>xxx</password>
                <url>https://my-mirror.com</url>
                <email>kaj.hejer#usit.uio.no</email>
            </builderRegistry>
        </docker>
        <image>
            <builder>my-mirror.com/library/docker.io-paketobuildpacks-builder:base</builder>
            <runImage>my-mirror.com/library/docker.io-paketobuildpacks-run:base</runImage>
            <name>my-mirror.com/my-group/my-app:latest</name>
            <verboseLogging>true</verboseLogging>
        </image>
    </configuration>
</plugin>
The build fails with
[INFO] > Pulling builder image 'my-mirror.com/library/docker.io-paketobuildpacks-builder:base' 100%
[INFO] > Pulled builder image 'my-mirror.com/library/docker.io-paketobuildpacks-builder@sha256:cf90221a33966e42f8b1960123dea4406c65fc6a410142ded573ed850ccc313b'
[INFO] > Pulling run image 'my-mirror.com/library/docker.io-paketobuildpacks-run:base' 100%
[INFO] > Pulled run image 'my-mirror.com/library/docker.io-paketobuildpacks-run@sha256:56fb7587103da155db6d4f9434fd7e2f9e45d7540a062847fd84e9132a28101b'
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 6.090 s
[INFO] Finished at: 2020-12-17T08:36:48+01:00
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.springframework.boot:spring-boot-maven-plugin:2.4.1:build-image (default-cli) on project my-app: Execution default-cli of goal org.springframework.boot:spring-boot-maven-plugin:2.4.1:build-image failed: Missing 'io.buildpacks.stack.id' stack label -> [Help 1]
[ERROR]
When I try to build a docker image the same way but without the configuration block for the spring-boot-maven-plugin on my mac which is not behind a firewall it works just fine.
Can it be SELinux related in some way? sudo journalctl -f doesn't list anything when running the mvnw command.
Thanks in advance for any input or ideas!
-Kaj :)
On https://github.com/spring-projects/spring-boot/issues/24641 we found that I used the tag base instead of base-cnb. With tag base-cnb it worked fine.
Now I got a [creator] ERROR: failed to initialize docker client: failed to connect to docker socket: dial unix /var/run/docker.sock: connect: permission denied but that is not related to this question.

Skaffold dev works with minikube only. Other on-prem cluster fails

I have a Spring Boot app with jib-maven configured
POM
<plugin>
    <groupId>com.google.cloud.tools</groupId>
    <artifactId>jib-maven-plugin</artifactId>
    <version>2.1.0</version>
    <configuration>
        <from>
            <image>openjdk:11-jre-slim</image>
        </from>
        <to>
            <image>registry.demo/${project.artifactId}</image>
            <tags>
                <tag>${project.version}</tag>
            </tags>
            <tags>
                <tag>latest</tag>
            </tags>
        </to>
        <container>
            <jvmFlags>
                <jvmFlag>-XX:+UseContainerSupport</jvmFlag>
                <jvmFlag>-XX:MinRAMPercentage=60.0</jvmFlag>
                <jvmFlag>-XX:MaxRAMPercentage=90.0</jvmFlag>
                <jvmFlag> -XshowSettings:vm</jvmFlag>
            </jvmFlags>
            <mainClass>com.demo.DemoApplication</mainClass>
        </container>
    </configuration>
</plugin>
SKAFFOLD.YAML
apiVersion: skaffold/v2beta1
kind: Config
metadata:
  name: springtokube
build:
  artifacts:
  - image: registry.demo/springtokube
    jib:
      project: com.demo:springtokube
  local:
    push: true
    concurrency: 1
    useBuildkit: false
    useDockerCLI: true
deploy:
  kubectl:
    manifests:
    - deployment.yaml
ALSO SET INSECURE REGISTRY
skaffold config set --global insecure-registries registry.demo
But when using minikube I can run successfully
skaffold dev
When using other cluster (ON-PREM) I get
FATA[0016] exiting dev mode because first build failed: build failed: building [registry.demo/springtokube]: build artifact: getting image: GET http://registry.demo/v2/: : Not Found
What might be the problem?
I restarted today using kubectl context
skaffold debug --no-prune=false --cache-artifacts=false
And It Failed
Listing files to watch...
Generating tags...
- registry.demo/springtokube -> registry.demo/springtokube:cf60c31
Found [minikube] context, using local docker daemon.
Building [registry.demo/springtokube]...
.............
...............
[INFO] Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 2.294 s - in com.demo.springtokube.SpringtokubeApplicationTests
2020-04-15 08:45:48.277 INFO 30662 --- [extShutdownHook] o.s.s.concurrent.ThreadPoolTaskExecutor : Shutting down ExecutorService 'applicationTaskExecutor'
[INFO]
[INFO] Results:
[INFO]
[INFO] Tests run: 1, Failures: 0, Errors: 0, Skipped: 0
[INFO]
[INFO]
[INFO] --- maven-jar-plugin:3.1.2:jar (default-jar) @ springtokube ---
[INFO] Building jar: ....../springtokube/target/springtokube.jar
[INFO]
[INFO] --- spring-boot-maven-plugin:2.2.6.RELEASE:repackage (repackage) @ springtokube ---
[INFO] Replacing main artifact with repackaged archive
[INFO]
[INFO] --- jib-maven-plugin:2.1.0:build (default-cli) @ springtokube ---
[INFO]
[INFO] Containerizing application to registry.demo/springtokube:cf60c31, registry.demo/springtokube...
[WARNING] Base image 'openjdk:11-jre-slim' does not use a specific image digest - build may not be reproducible
[INFO] Getting manifest for base image openjdk:11-jre-slim...
[INFO] Building dependencies layer...
[INFO] Building resources layer...
[INFO] Building classes layer...
[INFO] Using credentials from Docker config (~/.docker/config.json) for registry.demo/springtokube:cf60c31
[WARNING] Cannot verify server at https://registry.demo/v2/. Attempting again with no TLS verification.
[WARNING] Cannot verify server at https://registry.demo/v2/springtokube/blobs/sha256:1fb3fb86aa52691fa3705554da5ba07dcb556f62a93ba7efab0e397ca3db092c. Attempting again with no TLS verification.
[WARNING] Cannot verify server at https://registry.demo/v2/springtokube/blobs/sha256:88a7d9887f9fdeb5a4736d07c64818453e00e71fe916b13f413eb6e545445a68. Attempting again with no TLS verification.
[WARNING] Cannot verify server at https://registry.demo/v2/springtokube/blobs/sha256:a6c851c4b90b9eb7af89d240dd4f438dba9feba5c78600fed7eadddf8cb7b647. Attempting again with no TLS verification.
[INFO] The base image requires auth. Trying again for openjdk:11-jre-slim...
[INFO] Using credentials from Docker config (~/.docker/config.json) for openjdk:11-jre-slim
[INFO] Using base image with digest: sha256:01669f539159a1b5dd69c4782be9cc7da0ac1f4ddc5e2c2d871ef1481efd693e
[INFO]
[INFO] Container entrypoint set to [java, -XX:+UseContainerSupport, -XX:MinRAMPercentage=60.0, -XX:MaxRAMPercentage=90.0, -XshowSettings:vm, -cp, /app/resources:/app/classes:/app/libs/*, com.demo.springtokube.SpringtokubeApplication]
[INFO]
[INFO] Built and pushed image as registry.demo/springtokube:cf60c31, registry.demo/springtokube
[INFO]
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 20.058 s
[INFO] Finished at: 2020-04-15T08:45:57+03:00
[INFO] ------------------------------------------------------------------------
Pruning images...
FATA[0024] exiting dev mode because first build failed: build failed: building [registry.demo/springtokube]: build artifact: getting image: GET http://registry.demo/v2/: : Not Found
I thought the minikube works. But disabling cache fails to build
if I run
skaffold debug OR skaffold dev
Works Fine
But if I run with cache disabled
skaffold debug --no-prune=false --cache-artifacts=false
FAILS it shows the logs above
After days of struggling I found a solution.
Following Brian de Alwis's suggestions I was able to make Skaffold work with a self-signed certificate.
Skaffold build or dev does not use the certificate put in
/etc/docker/certs.d/myregistrydomain.com/ca.crt
The path is used by the docker client only.
The solution was to put your registry certificate into
/usr/local/share/ca-certificates/myregistrydomain.com.crt
Then
update-ca-certificates
Check the link for more info.
If you are using a self-signed certificate, there is no need for an insecure registry in your skaffold yaml file
apiVersion: skaffold/v2beta1
kind: Config
metadata:
  name: springtokube
build:
#  insecureRegistries:
#  - myregistrydomain.com
Or running skaffold with
skaffold dev --insecure-registry=myregistrydomain.com
Hope this helps someone else struggling to make skaffold work with a self-signed certificate.
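
The Jib output in the question shows registry requests being retried with no TLS verification, which is what installing the registry CA certificate as described above avoids. This added example (not part of the original posts; the function names are hypothetical) scans a build log for that fallback and for a base image referenced without a digest, so a CI job can fail on it.

```shell
#!/bin/sh
# Added example, not from the original posts.
# Scan a Maven/Jib build log for the two warnings shown in the log above:
#   - registry connections retried without TLS verification
#   - a base image referenced by tag instead of digest
# Prints one finding per line; returns 1 if any TLS fallback occurred.
scan_build_log() {
    awk -v q="'" '
    /Cannot verify server at / && /no TLS verification/ {
        url = $0
        sub(/.*Cannot verify server at /, "", url)
        sub(/\. Attempting.*/, "", url)
        split(url, part, "/")              # "https:", "", host, path...
        host = part[3]
        if (!(host in seen)) { seen[host] = 1; print "TLS_FALLBACK " host }
        bad = 1
    }
    /Base image .* does not use a specific image digest/ {
        split($0, f, q)                    # image name sits between the quotes
        print "UNPINNED_BASE " f[2]
    }
    END { exit bad + 0 }
    ' "$@"
}

# Lines copied from the Jib output in the question above.
sample_log() {
    cat <<'EOF'
[WARNING] Base image 'openjdk:11-jre-slim' does not use a specific image digest - build may not be reproducible
[INFO] Getting manifest for base image openjdk:11-jre-slim...
[WARNING] Cannot verify server at https://registry.demo/v2/. Attempting again with no TLS verification.
[WARNING] Cannot verify server at https://registry.demo/v2/springtokube/blobs/sha256:1fb3fb86aa52691fa3705554da5ba07dcb556f62a93ba7efab0e397ca3db092c. Attempting again with no TLS verification.
[INFO] Built and pushed image as registry.demo/springtokube:cf60c31, registry.demo/springtokube
EOF
}

if [ "${1:-}" = "--demo" ]; then
    sample_log | scan_build_log || echo "registry TLS verification was skipped"
fi
```

The function also accepts log file names as arguments instead of standard input.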

Creating Springboot image with Docker tool box on windows 10 using spotify maven plugin

I use docker tool box in my windows 10 home laptop. Trying to create a docker image using the springboot project I have been working on. Followed the tutorial at https://spring.io/guides/gs/spring-boot-docker/
Have been struggling with the error for past three days
Apr 03, 2019 11:52:57 AM com.spotify.docker.client.shaded.org.apache.http.impl.execchain.RetryExec execute
INFO: I/O exception (java.net.SocketException) caught when processing request to {s}->https://192.168.99.100:2376: Connection reset by peer: socket write error
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 46.027 s
[INFO] Finished at: 2019-04-03T11:52:57+05:30
[INFO] Final Memory: 63M/433M
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal com.spotify:dockerfile-maven-plugin:1.4.9:build (default-cli) on project IssueTracker: Could not build image: java.util.concurrent.ExecutionException: com.spotify.docker.client.shaded.javax.ws.rs.ProcessingException: com.spotify.docker.client.shaded.org.apache.http.client.ClientProtocolException: Cannot retry request with a non-repeatable request entity: Connection reset by peer: socket write error -> [Help 1]
Many websites I look up said this could be something related to disabling TLS. I tried to expose the host, disable the tls but still the issue persists. Any help will be appreciated.
The following is my maven plugin config
<plugin>
    <groupId>com.spotify</groupId>
    <artifactId>dockerfile-maven-plugin</artifactId>
    <version>1.4.9</version>
    <configuration>
        <repository>${docker.image.prefix}/${project.artifactId}</repository>
    </configuration>
</plugin>
Did you try to run this maven goal inside "Docker Quickstart Terminal"?

How to scan my project using pdsoftplan/zap-maven-plugin? I need to know without installing zap server

I have a zap Maven plugin in my Maven pom.xml and I have provided goals as analyze. I didn't install zap server and in pom.xml I used as <shouldRunWithDocker>true</shouldRunWithDocker>. Please tell me the way to scan my project using Maven plugin. It is showing error as below.
[INFO] ------------------------------------------------------------------------
[INFO]
[INFO] --- zap-maven-plugin:1.2.1-0:analyze (default-cli) @ IOPmsPerformanceTesting ---
[INFO] Starting ZAP analysis at target: https://example.com
[INFO] --- Validating authentication information ---
[INFO] Authentication information provided: AuthenticationInfo[type=CAS,loginUrl=https://example.com,username=12,password=679,extraPostData=,loggedInRegex=,loggedOutRegex=\QLocation:https://checkmarx.web.att.com\E.*,excludeFromScan=,protectedPages={https://checkmarx.web.att.com},loginRequestData=username={%username%}&password={%password%},usernameParameter=username,passwordParameter=password,httpSessionTokens=,seleniumDriver=Firefox,hostname=,realm=,port=80]
[INFO] The authentication information provided was successfully validated.
[INFO] --- Finished validating authentication information ---
[ERROR] Error creating a new ZAP session.
br.com.softplan.security.zap.zaproxy.clientapi.core.ClientApiException: java.net.ConnectException: Connection refused (Connection refused)
[ERROR] Error while trying to create the script file for CAS authentication in /zap/scripts/. The analysis will continue but CAS authentication will work only if the script file can be accessed by ZAP's Docker image (a default volume is created in /zap/scripts/).
java.io.FileNotFoundException: /zap/scripts/cas-auth.js (No such file or directory)
at java.io.FileOutputStream.open0(Native Method)
I suspect it's because ZAP no longer allows you to connect to the API from remote IP addresses by default. You can override this from the ZAP command line: https://github.com/zaproxy/zaproxy/wiki/FAQapikey
Ideally the ZAP Maven Plugin should do this, but it doesn't look like that's been updated recently :/ https://github.com/pdsoftplan/zap-maven-plugin
