Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Native image deployment failed #1871

Closed
wilvdb opened this issue Sep 8, 2023 · 3 comments
Closed

Native image deployment failed #1871

wilvdb opened this issue Sep 8, 2023 · 3 comments

Comments

@wilvdb
Copy link

wilvdb commented Sep 8, 2023

I'm trying to deploy Infinispan CR by using native image:

apiVersion: infinispan.org/v1
kind: Infinispan
metadata:
  name: infinispan
spec:
  replicas: 2
  version: 14.0.13
  image: quay.io/infinispan/server-native:14.0.13.Final
  container:
    memory: 512Mi
    cpu: 500m
  service:
    type: Cache
    container:
      storageClassName: trident-csi-apps-topology
  affinity:
    podAntiAffinity:
      requiredDuringSchedulingIgnoredDuringExecution :
        - labelSelector:
            matchLabels:
              app: infinispan-pod
              clusterName: infinispan
              infinispan_cr: infinispan
          topologyKey: "topology.kubernetes.io/hostname"

But I get an SSL related error at startup:

2023-09-08 08:30:51,489 FATAL [org.inf.SERVER] (main) ISPN080028: Infinispan Server failed to start: org.infinispan.commons.CacheConfigurationException: ELY15001: No 'SSLContext' provided by the configured providers
at org.infinispan.server.configuration.security.RealmConfiguration.buildSSLContexts(RealmConfiguration.java:149)
at org.infinispan.server.configuration.security.RealmConfiguration.init(RealmConfiguration.java:118)
at org.infinispan.server.configuration.security.RealmsConfiguration.init(RealmsConfiguration.java:33)
at org.infinispan.server.configuration.security.SecurityConfiguration.<init>(SecurityConfiguration.java:17)
at org.infinispan.server.configuration.security.SecurityConfigurationBuilder.create(SecurityConfigurationBuilder.java:43)
at org.infinispan.server.configuration.ServerConfigurationBuilder.create(ServerConfigurationBuilder.java:78)
at org.infinispan.server.configuration.ServerConfigurationBuilder.create(ServerConfigurationBuilder.java:22)
at org.infinispan.configuration.global.GlobalConfigurationBuilder.build(GlobalConfigurationBuilder.java:267)
at org.infinispan.configuration.ConfigurationManager.<init>(ConfigurationManager.java:39)
at org.infinispan.manager.DefaultCacheManager.<init>(DefaultCacheManager.java:380)
at org.infinispan.server.Server.run(Server.java:392)
at org.infinispan.server.Bootstrap.runInternal(Bootstrap.java:173)
at org.infinispan.server.tool.Main.run(Main.java:98)
at org.infinispan.server.Bootstrap.main(Bootstrap.java:56)
at org.infininspan.quarkus.server.InfinispanQuarkusServer.run(InfinispanQuarkusServer.java:13)
at org.infininspan.quarkus.server.InfinispanQuarkusServer_ClientProxy.run(Unknown Source)
at io.quarkus.runtime.ApplicationLifecycleManager.run(ApplicationLifecycleManager.java:131)
at io.quarkus.runtime.Quarkus.run(Quarkus.java:70)
at io.quarkus.runtime.Quarkus.run(Quarkus.java:43)
at io.quarkus.runner.GeneratedMain.main(Unknown Source)
Caused by: java.security.NoSuchAlgorithmException: ELY15001: No 'SSLContext' provided by the configured providers
at org.wildfly.security.ssl.SSLUtils.throwIt(SSLUtils.java:166)
at org.wildfly.security.ssl.SSLContextBuilder.lambda$build$0(SSLContextBuilder.java:341)
at org.wildfly.security.OneTimeSecurityFactory.create(OneTimeSecurityFactory.java:53)
at org.infinispan.server.configuration.security.RealmConfiguration.buildSSLContexts(RealmConfiguration.java:145)
... 19 more

Is there something specific to do to use this image ?
@ryanemerson
Copy link
Contributor

ryanemerson commented Sep 8, 2023
edited
Loading

@wilvdb Unfortunately TLS is not supported in the native image currently infinispan/infinispan-quarkus#119. If you require TLS then you will need to use the JVM based images, otherwise you can disable encryption by setting: spec.security.endpointEncryption.type: None in your Infinispan CR.

https://infinispan.org/docs/infinispan-operator/main/operator.html#disabling-encryption_tls

I see in your CR you're using spec.service.type: Cache I would strongly recommend that you utilise spec.service.type: DataGrid instead as the former has been deprecated and will eventually be removed.

@wilvdb
Copy link
Author

wilvdb commented Sep 8, 2023

@ryanemerson I disabled TLS as you described, but now, it looks like Infinispan crash beacause JNDI is disabled:

2023-09-08 11:00:41,583 FATAL [org.inf.SERVER] (main) ISPN080028: Infinispan Server failed to start: org.infinispan.manager.EmbeddedCacheManagerStartupException: ISPN000541: Error while trying to create a channel using the specified configuration '[TCP(bundler.max_size=64000, sock_conn_timeout=300, thread_pool.keep_alive_time=60000, port_range=0, diag.enabled=false, bind_port=7800, thread_naming_pattern=pl, thread_pool.thread_dumps_threshold=10000, send_buf_size=640k, thread_pool.max_threads=200, bundler_type=transfer-queue, bind_addr=SITE_LOCAL, thread_pool.min_threads=0), RED(), MPING(ip_ttl=2, mcast_port=46655, mcast_addr=239.6.7.8, num_discovery_runs=3), MERGE3(max_interval=30000, min_interval=10000), FD_SOCK2(offset=50000), FD_ALL3(), VERIFY_SUSPECT2(timeout=1000), pbcast.NAKACK2(xmit_table_num_rows=50, use_mcast_xmit=false, xmit_table_msgs_per_row=1024, xmit_table_max_compaction_time=30000, xmit_interval=200, resend_last_seqno=true), UNICAST3(conn_close_timeout=5000, xmit_interval=200, xmit_table_num_rows=50, xmit_table_msgs_per_row=1024, xmit_table_max_compaction_time=30000), pbcast.STABLE(desired_avg_gossip=5000, max_bytes=1M), pbcast.GMS(join_timeout=2000, print_local_addr=false), UFC(min_threshold=0.40, max_credits=4m), MFC(min_threshold=0.40, max_credits=4m), FRAG4(frag_size=60000), dns.DNS_PING(dns_record_type=A, dns_query=infinispan-ping.cifwt-tst.svc.cluster.local)]'
	at org.infinispan.manager.DefaultCacheManager.internalStart(DefaultCacheManager.java:781)
	at org.infinispan.manager.DefaultCacheManager.start(DefaultCacheManager.java:746)
	at org.infinispan.server.SecurityActions.lambda$startCacheManager$1(SecurityActions.java:68)
	at org.infinispan.security.Security.doPrivileged(Security.java:56)
	at org.infinispan.server.SecurityActions.doPrivileged(SecurityActions.java:40)
	at org.infinispan.server.SecurityActions.startCacheManager(SecurityActions.java:71)
	at org.infinispan.server.Server.run(Server.java:408)
	at org.infinispan.server.Bootstrap.runInternal(Bootstrap.java:173)
	at org.infinispan.server.tool.Main.run(Main.java:98)
	at org.infinispan.server.Bootstrap.main(Bootstrap.java:56)
	at org.infininspan.quarkus.server.InfinispanQuarkusServer.run(InfinispanQuarkusServer.java:13)
	at org.infininspan.quarkus.server.InfinispanQuarkusServer_ClientProxy.run(Unknown Source)
	at io.quarkus.runtime.ApplicationLifecycleManager.run(ApplicationLifecycleManager.java:131)
	at io.quarkus.runtime.Quarkus.run(Quarkus.java:70)
	at io.quarkus.runtime.Quarkus.run(Quarkus.java:43)
	at io.quarkus.runner.GeneratedMain.main(Unknown Source)
Caused by: org.infinispan.commons.CacheConfigurationException: ISPN000541: Error while trying to create a channel using the specified configuration '[TCP(bundler.max_size=64000, sock_conn_timeout=300, thread_pool.keep_alive_time=60000, port_range=0, diag.enabled=false, bind_port=7800, thread_naming_pattern=pl, thread_pool.thread_dumps_threshold=10000, send_buf_size=640k, thread_pool.max_threads=200, bundler_type=transfer-queue, bind_addr=SITE_LOCAL, thread_pool.min_threads=0), RED(), MPING(ip_ttl=2, mcast_port=46655, mcast_addr=239.6.7.8, num_discovery_runs=3), MERGE3(max_interval=30000, min_interval=10000), FD_SOCK2(offset=50000), FD_ALL3(), VERIFY_SUSPECT2(timeout=1000), pbcast.NAKACK2(xmit_table_num_rows=50, use_mcast_xmit=false, xmit_table_msgs_per_row=1024, xmit_table_max_compaction_time=30000, xmit_interval=200, resend_last_seqno=true), UNICAST3(conn_close_timeout=5000, xmit_interval=200, xmit_table_num_rows=50, xmit_table_msgs_per_row=1024, xmit_table_max_compaction_time=30000), pbcast.STABLE(desired_avg_gossip=5000, max_bytes=1M), pbcast.GMS(join_timeout=2000, print_local_addr=false), UFC(min_threshold=0.40, max_credits=4m), MFC(min_threshold=0.40, max_credits=4m), FRAG4(frag_size=60000), dns.DNS_PING(dns_record_type=A, dns_query=infinispan-ping.cifwt-tst.svc.cluster.local)]'
	at org.infinispan.remoting.transport.jgroups.JGroupsTransport.channelFromConfigurator(JGroupsTransport.java:780)
	at org.infinispan.remoting.transport.jgroups.JGroupsTransport.buildChannel(JGroupsTransport.java:749)
	at org.infinispan.remoting.transport.jgroups.JGroupsTransport.initChannel(JGroupsTransport.java:504)
	at org.infinispan.remoting.transport.jgroups.JGroupsTransport.start(JGroupsTransport.java:485)
	at org.infinispan.remoting.transport.jgroups.CorePackageImpl$1.start(CorePackageImpl.java:42)
	at org.infinispan.remoting.transport.jgroups.CorePackageImpl$1.start(CorePackageImpl.java:27)
	at org.infinispan.factories.impl.BasicComponentRegistryImpl.invokeStart(BasicComponentRegistryImpl.java:616)
	at org.infinispan.factories.impl.BasicComponentRegistryImpl.doStartWrapper(BasicComponentRegistryImpl.java:607)
	at org.infinispan.factories.impl.BasicComponentRegistryImpl.startWrapper(BasicComponentRegistryImpl.java:576)
	at org.infinispan.factories.impl.BasicComponentRegistryImpl$ComponentWrapper.running(BasicComponentRegistryImpl.java:807)
	at org.infinispan.metrics.impl.MetricsCollector.start(MetricsCollector.java:78)
	at org.infinispan.metrics.impl.CorePackageImpl$1.start(CorePackageImpl.java:41)
	at org.infinispan.metrics.impl.CorePackageImpl$1.start(CorePackageImpl.java:34)
	at org.infinispan.factories.impl.BasicComponentRegistryImpl.invokeStart(BasicComponentRegistryImpl.java:616)
	at org.infinispan.factories.impl.BasicComponentRegistryImpl.doStartWrapper(BasicComponentRegistryImpl.java:607)
	at org.infinispan.factories.impl.BasicComponentRegistryImpl.startWrapper(BasicComponentRegistryImpl.java:576)
	at org.infinispan.factories.impl.BasicComponentRegistryImpl$ComponentWrapper.running(BasicComponentRegistryImpl.java:807)
	at org.infinispan.factories.impl.BasicComponentRegistryImpl.startDependencies(BasicComponentRegistryImpl.java:634)
	at org.infinispan.factories.impl.BasicComponentRegistryImpl.doStartWrapper(BasicComponentRegistryImpl.java:598)
	at org.infinispan.factories.impl.BasicComponentRegistryImpl.startWrapper(BasicComponentRegistryImpl.java:576)
	at org.infinispan.factories.impl.BasicComponentRegistryImpl$ComponentWrapper.running(BasicComponentRegistryImpl.java:807)
	at org.infinispan.factories.AbstractComponentRegistry.internalStart(AbstractComponentRegistry.java:379)
	at org.infinispan.factories.AbstractComponentRegistry.start(AbstractComponentRegistry.java:252)
	at org.infinispan.manager.DefaultCacheManager.internalStart(DefaultCacheManager.java:778)
	... 15 more
Caused by: javax.naming.NamingException: JNDI has been disabled, enable it with quarkus.naming.enable-jndi=true
	at io.quarkus.runtime.naming.DisabledInitialContext.init(DisabledInitialContext.java:210)
	at [email protected]/javax.naming.InitialContext.<init>(InitialContext.java:208)
	at [email protected]/javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:130)
	at [email protected]/javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:102)
	at io.quarkus.runtime.naming.DisabledInitialContext.<init>(DisabledInitialContext.java:32)
	at io.quarkus.runtime.naming.DisabledInitialContextManager$1.getInitialContext(DisabledInitialContextManager.java:28)
	at [email protected]/javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:732)
	at [email protected]/javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:305)
	at [email protected]/javax.naming.InitialContext.init(InitialContext.java:236)
	at [email protected]/javax.naming.InitialContext.<init>(InitialContext.java:208)
	at [email protected]/javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:130)
	at org.jgroups.protocols.dns.DefaultDNSResolver.<init>(DefaultDNSResolver.java:42)
	at org.jgroups.protocols.dns.DNS_PING.init(DNS_PING.java:58)
	at org.jgroups.stack.ProtocolStack.initProtocolStack(ProtocolStack.java:794)
	at org.jgroups.stack.ProtocolStack.initProtocolStack(ProtocolStack.java:781)
	at org.jgroups.stack.ProtocolStack.init(ProtocolStack.java:777)
	at org.jgroups.JChannel.<init>(JChannel.java:155)
	at org.infinispan.remoting.transport.jgroups.EmbeddedJGroupsChannelConfigurator.createChannel(EmbeddedJGroupsChannelConfigurator.java:136)
	at org.infinispan.remoting.transport.jgroups.JGroupsTransport.channelFromConfigurator(JGroupsTransport.java:778)
	... 38 more

I tried to add the missing property but it looks like it's build time property:

apiVersion: infinispan.org/v1
kind: Infinispan
metadata:
  name: infinispan
spec:
  replicas: 2
  version: 14.0.13
  image: quay.io/infinispan/server-native:14.0.13.Final
  container:
    extraJvmOpts: "-Dquarkus.naming.enable-jndi=true"
    memory: 512Mi
    cpu: 500m
  service:
    type: DataGrid
    container:
      storageClassName: trident-csi-apps-topology
  security:
    endpointEncryption:
      type: None
  affinity:
    podAntiAffinity:
      requiredDuringSchedulingIgnoredDuringExecution :
        - labelSelector:
            matchLabels:
              app: infinispan-pod
              clusterName: infinispan
              infinispan_cr: infinispan
          topologyKey: "topology.kubernetes.io/hostname"

@ryanemerson
Copy link
Contributor

@wilvdb Sorry I forgot about that issue infinispan/infinispan-quarkus#116, otherwise I would have mentioned it before. The native image is very much a POC in it's current state and isn't really suitable for production. I would recommend using the JVM based image.

@wilvdb wilvdb closed this as completed Sep 8, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@ryanemerson @wilvdb