Kernel-slim UBI docker image not working with springBootUtility - open-liberty

Team, Is it possible to use springBootUtility with OpenLiberty kernel-slim UBI images (e.g. - kernel-slim-java8-openj9-ubi) ?
https://openliberty.io/docs/21.0.0.7/reference/command/springbootUtility-thin.html
Because, it's giving an error as
Step 3/11 : RUN springBootUtility thin --sourceAppPath=/staging/fat-order-0.0.1-SNAPSHOT.jar --targetThinAppPath=/staging/thin-order-0.0.1-SNAPSHOT.jar --targetLibCachePath=/staging/lib.index.cache
---> Running in 3023c669c4d7
/bin/sh: springBootUtility: command not found
The springBootUtility is only working with OpenLiberty full UBI images

The kernel-slim image does not appear to have that command at all. Compare kernel-slim:
bash-5.1$ docker run --rm -it openliberty/open-liberty:kernel-slim-java8-openj9-ubi ls /opt/ol/wlp/bin
auditUtility binaryLog.bat productInfo securityUtility.bat serverSchemaGen
auditUtility.bat featureUtility productInfo.bat server serverSchemaGen.bat
binaryLog featureUtility.bat securityUtility server.bat tools
To full:
bash-5.1$ docker run --rm -it openliberty/open-liberty:full-java8-openj9-ubi ls /opt/ol/wlp/bin
auditUtility binaryLog.bat featureUtility pluginUtility securityUtility.bat springBootUtility
auditUtility.bat client featureUtility.bat pluginUtility.bat server springBootUtility.bat
batchManager client.bat jaxb productInfo server.bat tools
batchManager.bat ddlGen jaxrs productInfo.bat serverSchemaGen
binaryLog ddlGen.bat jaxws securityUtility serverSchemaGen.bat
There appears to be a hole in the documentation, since nothing indicates you need to do this, but you need to install the springBoot feature into Open Liberty before the command will be added. Copy your server.xml with spring boot specified into the image, then run features.sh:
COPY --chown=1001:0 server.xml /config/
RUN features.sh
After that, springBootUtility will be placed in the /opt/ol/wlp/bin dir and should be on the path as well for further Dockerfile directives to use.

Related

Cannot run Spring Boot aplication in Docker (Getting ERR_EMPTY_RESPONSE) in Windows 10?

I have a problem with my Spring Boot Application running in Docker.
Here is my Dockerfile embedded in my app shown below.
FROM adoptopenjdk:11-jre-hotspot
ARG JAR_FILE=target/*.jar
COPY ${JAR_FILE} app-0.0.1-SNAPSHOT.jar
ENTRYPOINT ["java","-jar","/app-0.0.1-SNAPSHOT.jar"]
After I run mvn clean install, I get an app-0.0.1-SNAPSHOT.jar and then define it into a Docker file
Next, I ran this command docker build -t app . I saw this container installed on my docker desktop.
After running this command docker image ls, I also saw this container in the list.
I ran this command docker run -p 9999:8080 app to run it in docker.
The container worked flawlessly after running this command (docker ps)
Next, I test any URL like http://localhost:9999/getCategoryById/1 instead of http://localhost:8080/getCategoryById/1 in Postman but I get the message (Could not send request). When I test this URL in the browser, I get the message ERR_EMPTY_RESPONSE.
I learned the container IP address via docker inspect container_id then I used http://172.17.0.2:9999/getCategoryById/1 but nothing changed.
I also checked if the IP address manages the package (ping 172.17.0.2) but I got Request timed out message.
Here is my project link : Link
How can I fix my issue?
In your application, server.port property in application.properties file, that's used to configure port for Spring Boot embedded Tomcat Server is 8082.
To access the application on the container port 8080, you'd need to override server.port property. One of the ways property can be overridden is using an environment variable like below,
docker run -e SERVER_PORT=8080 -p 9999:8080 app
where SERVER_PORT corresponds to the container port specified in -p <hostPort>:<containerPort>
Other option is to directly update the property in application.properties file like below. After the update, you can then use the same command you've used to run the docker image docker run -p 9999:8080 app
server.port= 8080

M1 mac cannot run jboss/keycloak docker image

Switched to m1 mac a week ago and I cannot get my application up and running with docker because of the jboss/keycloak image not working as expected. Getting the following message from the container when trying to access localhost:8080
12:08:12,456 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-5) MSC000001: Failed to start service org.wildfly.network.interface.private: org.jboss.msc.service.StartException in service org.wildfly.network.interface.private: WFLYSRV0082: failed to resolve interface private
12:08:12,526 ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) WFLYCTL0013: Operation ("add") failed - address: ([("interface" => "private")]) - failure description: {"WFLYCTL0080: Failed services" => {"org.wildfly.network.interface.private" => "WFLYSRV0082: failed to resolve interface private"}}
12:08:13,463 ERROR [org.jboss.as] (Controller Boot Thread) WFLYSRV0026: Keycloak 12.0.4 (WildFly Core 13.0.3.Final) started (with errors) in 20826ms - Started 483 of 925 services (54 services failed or missing dependencies, 684 services are lazy, passive or on-demand)
Tried with all image versions and all behave the same. Has anyone managed to run this image without issues? Thanks
Also you can build the keycloak docker image locally, I was able to start keycloak after doing that. Here are the steps I follow;
Clone Keycloak containers repository: git clone git#github.com:keycloak/keycloak-containers.git
Open server directory (cd keycloak-containers/server)
Checkout at desired version, eg. git checkout 12.0.4
Build docker image docker build -t jboss/keycloak:12.0.4 .
Run Keycloak docker run --rm -p 9080:8080 -e KEYCLOAK_USER=admin -e KEYCLOAK_PASSWORD=admin jboss/keycloak:12.0.4
Using this image, I am now able to startup keycloak. https://hub.docker.com/r/wizzn/keycloak
For Keycloak 16, docker 20.10 and docker-compose 1.29, this image works flawlessly: https://hub.docker.com/r/sleighzy/keycloak - as suggested by #zakjan.
A service like:
keycloak:
image: sleighzy/keycloak
environment:
... your Keycloak config
Should be enough to get up and running.
I'm on an m1 and I ran this and it worked.
docker run --platform=linux/amd64 -p 8080:8080 -e KEYCLOAK_ADMIN=admin -e KEYCLOAK_ADMIN_PASSWORD=admin quay.io/keycloak/keycloak:17.0.0 start-dev
I merely add --platform=linux/amd64 to their docker command I found in https://www.keycloak.org/getting-started/getting-started-docker
The location for building a quarkus version of keycloak has changed, so this method will not work anymore for any major releases greater than 16. But the following script will. Just save it as an sh. file and execute it in your terminal. By enabling the last line, this will also directly start an instance of Keycloak.
The version number can be changed, but this is only tested for M1 chips and version 17.0.0.
VERSION=17.0.0 # set version here
cd /tmp
git clone git#github.com:keycloak/keycloak.git
cd keycloak/quarkus/container
git checkout $VERSION
docker build -t "quarkus-keycloak:$VERSION" .
#docker run -p 8080:8080 -e KEYCLOAK_ADMIN=admin -e KEYCLOAK_ADMIN_PASSWORD=admin "quarkus-keycloak:$VERSION" start-dev --http-relative-path /auth
There is an update to this issue - images for AMD64 and ARM64 architectures are now available and can be found here: https://quay.io/repository/keycloak/keycloak?tab=tags.
Ref the discussions in Github (https://github.com/keycloak/keycloak-containers/issues/341 and https://github.com/keycloak/keycloak/issues/8825).
jboss/keycloak not supported arm64 for now.
But you can use that image on docker hub: mihaibob/keycloak
https://hub.docker.com/r/mihaibob/keycloak
I'm using this and haven't difference.
I don't have a mac but I just started working with jboss/keycloak lately and have been able to get it to start.
Essentially what I did (assuming docker is installed):
docker pull jboss/keycloak:16.1.0
docker run --env-file targetDB.txt -p 8080:8080 jboss/keycloak:16.1.0
Might have to do those commands with sudo
This pulls the jboss/keycloak image from docker hub and then it runs it exposing the port 8080 within the container to the host machine. It also uses the environment variables in the .txt file (which contains info on the database endpoint you wish to connect keycloak to to persist data).
If you don't specify --env-file <text file> I believe keycloak uses its default h2 Database which isn't the best.
I have my local jboss/keycloak pointing to an postgres db I have in an AWS RDS environment, so the contents of the targetDB.txt for me is:
DB_VENDOR=postgres
DB_ADDR=<my postgres aws rds endpoint>:5432
DB_DATABASE=<name of the database>
DB_USER=<db username to connect to postgres instance>
DB_PASSWORD=<password associated with db username to connect>
If I'm not mistaken the name of the Database in DB_DATABASE field must already exist. So you'll need to create that before running the docker run command.
After you do the docker run command above and the logs show it starting up you should be able to access the keycloak admin console on your local browser:
http://localhost:8080/auth
If this is the first time you're running keycloak you have to create a master/admin user before you can log in.
To add a master user, run these commands (while your keycloak is already running):
docker exec <container id or container name> /opt/jboss/keycloak/bin/add-user-keycloak.sh -u <USERNAME> -p <PASSWORD>
then you need to restart your keycloak container:
docker restart <container id or container name>
Again you might have to do those commands with sudo.
After thats done, go back to your local web browser http://localhost:8080/auth and you can now access the login page and actually login with the username and password you created above.

Docker: "Cannot access '/var/lib/docker/containers': No such file or directory" error [duplicate]

I'm using Windows 10 with native docker installation.
I'm looking for the location where docker save the containers logs.
In Linux, the Docker containers log files are in this location:
/var/lib/docker/containers/container-id/container-id-json.log
But where can I find it in windows 10 ?
For Windows 10 + WSL 2 (Ubuntu 20.04), Docker version 20.10.2, build 2291f61
Lets DOCKER_ARTIFACTS == \\wsl$\docker-desktop-data\version-pack-data\community\docker
Container logs can be found in the following location
DOCKER_ARTIFACTS\containers\[Your_container_ID]\[Your_container_ID]-json.log
Here is an example :
Check first if those logs are in (as suggested here):
C:\ProgramData\docker\containers\[container_ID]\[container_ID]-json.log
The Docker C:\ProgramData\docker is the Root Dir reported by docker info.
Regarding Docker Linux through Hyper-v, check if "How to Delete Docker Container Log Files (Windows or Linux) " can help (from Jon Gallant):
Run docker inspect to find your Docker log file location
Find the “Docker Root Dir” Value, mine is /var/lib/docker
Your docker log file path should be /var/lib/docker, but if it isn’t, then change it in the command below.
find /var/lib/docker/containers/ -type f -name "*.log"
The command you see in this image is based on "How to SSH into the Docker VM (MobyLinuxVM) on Windows"
We aren’t technically going to SSH into the VM, we’ll create a container that has full root access and then access the file system from there.
Get container with access to Docker Daemon
Run container with full root access
Switch to host file system
Open a Command prompt and execute the following:
docker run --privileged -it -v /var/run/docker.sock:/var/run/docker.sock jongallant/ubuntu-docker-client
docker run --net=host --ipc=host --uts=host --pid=host -it --security-opt=seccomp=unconfined --privileged --rm -v /:/host alpine /bin/sh
chroot /host
Execute the find command there, and you should find the logs.
For Windows 10 + Docker Desktop version 3.6.0, the virtual path for logs and data (artifacts) is \\wsl$\docker-desktop-data\version-pack-data\community\docker (you can copy/paste it in Explorer navigation bar).
The logs are at \\wsl$\docker-desktop-data\version-pack-data\community\docker\containers\[containerID]\[containerID]-json.logs
and the data is under \\wsl$\docker-desktop-data\version-pack-data\community\docker\volumes\[volumeID]\_data
How to get containerID:
You can find container ID (truncated) by running docker ps in a command prompt. You can also find it by clicking the CLI button on DockerDesktop next to the container name, the id will be in the title of the cmd window that will pop up.
Once you have the id, you can navigate to containers\[containerID] under the artifacts directory (\\wsl$\docker-... above). The log file will have the .log extension and its name will have the containerID in it. Keep in mind that it will be an enriched json format though, so not easily readable.
How to get volumeID:
To find a container's data (for example kafka broker topics), you need to find the id of the volumes where the data is stored. For that you will need to click on the container in DockerDesktop, then click INSPECT (top right). You can then scroll down to find Mounts configuration entries. Each mount will have a volumeID (different from containerID), and that volumeID will be part of a path similar to this one /var/lib/docker/volumes/71f7a5992c58fdcf229c3848acb014712f34fab380bc7c712cf5a0a632fe9110/_data. volumeID here being 71f7a5992c58fdcf229c3848acb014712f34fab380bc7c712cf5a0a632fe9110.
You can then take volumeID and navigate to volumes\[volumeID] under the artifacts directory (\\wsl$\docker-... above) where the data will be located.
For me, using Docker Desktop for Windows on version 4.9.1 (81317), Windows 10 21H2, WSL 2 mode, the containers' folders were at
\\wsl$\docker-desktop-data\data\docker\containers
Slightly different from the others.
For Windows Users who wants to delete all Docker log files on WSL 2.
The path to the docker container is correct thx to #craftsmannadeem
\\wsl$\docker-desktop-data\version-pack-data\community\docker\containers
Here a command to execute on Windows to delete all log files:
del /s \\wsl$\docker-desktop-data\version-pack-data\community\docker\containers\*-json.log
Bye bye Docker logs:
File was deleted - \\wsl$\docker-desktop-data\version-pack-data\community\docker\containers\2012efd0ccfb8aed6291dd9a3b7b5aef507b6af4fce5b85e9306f45980db9531\2012efd0ccfb8aed6291dd9a3b7b5aef507b6af4fce5b85e9306f45980db9531-json.log
File was deleted - \\wsl$\docker-desktop-data\version-pack-data\community\docker\containers\9e627f1fe8f3c3ab85c64f85f93942d1f077e9a6e2896b51df782b0c0c3777d1\9e627f1fe8f3c3ab85c64f85f93942d1f077e9a6e2896b51df782b0c0c3777d1-json.log
File was deleted - \\wsl$\docker-desktop-data\version-pack-data\community\docker\containers\6ea8f3cb354c199bc719701f8f1e75c333f81cd2f03dca0c7a626cbcbf9ed5a0\6ea8f3cb354c199bc719701f8f1e75c333f81cd2f03dca0c7a626cbcbf9ed5a0-json.log
...
For window system logs are located at C:\ProgramData\Docker\containers or %APPDATA%\Docker
For Linux system logs are located at /var/lib/docker/containers
I couldn't find where the logs were stored locally. (Good chance they aren't plain text any more. However, if you just need the output of the logs, you can run a command like this:
docker logs --details [container-name] > container-name.log
This will grab the logs for the container and write them to a log file in the current directory.
Note: The --details adds additional info to the logs like environment variables and the like, but is not required for the command to work.
If you use docker-compose with windows+wsl, In my case the log monitoring agent (also running as a container in docker) was not able to find the log files eventhough the path for logs was mounted as volume.
volumes:
- /var/run/docker.sock:/var/run/docker.sock
-/var/lib/docker:/var/lib/docker
The log monitoring agent could not find logs in
/var/lib/docker/containers/**/*.log
The problem in my case was, I was running docker-compose up command for the log monitoring agent from within wsl shell. When I ran it from windows powershell or cmd, the agent was able to find the logs in mounted path.

Problem running a docker container by specifying sh or bash for that image on a vm instance

I have vm environment which i have created using Microsoft azure cloud. I have installed docker in this vm. I can run docker image without specifying the any terminal like sh or bash and it is working. when i say
docker run -it hello-world --->> it works
docker run -it hello-world sh ---->>> it don't works.
actually i am working on a networking tool kathara where i have to start a virtual lab using many pcs and router and then i have to specify the terminal for them when i want to open any pc or router.
this is the actual error i am getting wheni start conatiner
"critical - 400 client error: bad request ("oci runtime exec failed: exec failed: container_linux.go:349: starting container process caused "exec: \"/bin/bash\": stat /bin/bash: no such file or directory": unknown")"
docker run -it hello-world runs the container's default command: ./hello. That works, because that's what the container is designed to do.
docker run -it hello-world /bin/bash tries to run /bin/bash inside the container. That doesn't work, because that's not what the container is designed to do. That command does not exist within the container.
If you want to run /bin/bash, choose a container that has /bin/bash.
This is even suggested in the output of docker run -it hello-world:
To try something more ambitious, you can run an Ubuntu container with:
$ docker run -it ubuntu bash

fork/exec ./debug: operation not permitted

My goal is to be able to remote debug from Atom.io. into a docker container running go in dlv debugger. This is the first problem:
Update:1. I am running Docker container on a mac, but that should not influence the code signing thing as I am running in a container, right?
Update:2. Codesignig the host, did not help.
Error:
1. root#...:/go/src/app# go get github.com/derekparker/delve/cmd/dlv
2. root#...:/go/src/app# dlv debug hello.go
could not launch process: fork/exec ./debug: operation not permitted
Then tried to
1. root#...:/go/src/app# sudo
2. bash: sudo: command not found
According Delve Issue #515
Docker has security settings preventing ptrace(2) operations by
default with in the container. Pass --security-opt seccomp:unconfined
to docker run when starting.
*confirmation of this in official docker bug tracker https://github.com/docker/docker/issues/21051
It seems to work if you start the container with --privileged. I've tried to figure out if there is a more fine-grained capability but failed.
Also I just found https://github.com/steeve/homebrew-delve which should make things easier on OSX.
Docker has security settings preventing ptrace(2)
See how i fixed it.
if using a docker-compose file to run the container then append seccomp:unconfined in the services section like below
api:
security_opt:
- seccomp:unconfined
if using docker run ...passing seccomp:unconfined works as well
Run Docker container as a command:
docker run -itd -p 2028:22 -p 2345:2345 --dns=10.236.8.8 --privileged=true --name=golang centos7-golang /usr/bin/supervisord
it works for me~

Resources