Hub container does not start when upgrading from 1.3.0 to 1.3.1 java: exec format error #251

Open
2 tasks done
Christopher87R opened this issue Jan 14, 2024 · 5 comments
Labels
state:awaiting-response We need further input from the issue author type:bug Something isn't working

Comments

@Christopher87R

Please agree to the following

Summary

java: exec format error

System Setup

- Hub: 1.3.1
- Keycloak: 22.0.5
- Cryptomator (Desktop/Android/iOS): -

Steps to Reproduce

Changed hub version from 1.3.0 to 1.3.1 in my docker compose file
Hub Container does not start

Expected Behavior

Start of all containers as it was the case for 1.3.0

Actual Behavior

Hub Container crashes with
exec /opt/java/openjdk/bin/java: exec format error

Reproducibility

Always

Relevant Log Output

No response

Anything else?

No response

@Christopher87R Christopher87R added the type:bug Something isn't working label Jan 14, 2024
@infeo
Member

infeo commented Jan 15, 2024

@Christopher87R I cannot reproduce this. On my Windows 11 dev machine and on my Ubuntu 22.04 VM, both run the 1.3.1 image without any problem. What is your docker-compose file?

@infeo infeo added the state:awaiting-response We need further input from the issue author label Jan 15, 2024
@Christopher87R
Author

# Template for Cryptomator Hub deployment according to your specifications.

# If for some reason you later change any of the following environment variables, make sure to remove `--optimized` from the keycloak command, otherwise it will not start:
#  * KC_DB
#  * KC_HEALTH_ENABLED
#  * KC_HTTP_RELATIVE_PATH

# Generated using script version 3

networks:
  hub-internal: {}
  proxy:
    external: true
services:
  init-config:
    image: bash:5
    volumes:
      - kc-config:/kc-config
      - db-init:/db-init
    command:
      - bash
      - '-c'
      - |-
        cat >/db-init/initdb.sql << 'EOF'
        CREATE USER keycloak WITH ENCRYPTED PASSWORD 'xxxx';
        CREATE DATABASE keycloak WITH ENCODING 'UTF8';
        GRANT ALL PRIVILEGES ON DATABASE keycloak TO keycloak;
        CREATE USER hub WITH ENCRYPTED PASSWORD 'xxxx';
        CREATE DATABASE hub WITH ENCODING 'UTF8';
        GRANT ALL PRIVILEGES ON DATABASE hub TO hub;
        EOF
        cat >/kc-config/realm.json << 'EOF'
        {
          "id": "060a1347-c12a-4634-b10c-7f8f466d5a93",
          "realm": "cryptomator",
          "displayName": "Cryptomator Hub",
          "loginTheme": "cryptomator",
          "enabled": true,
          "sslRequired": "external",
          "defaultRole": {
            "name": "user",
            "description": "User"
          },
          "roles": {
            "realm": [
              {
                "name": "user",
                "description": "User",
                "composite": false
              },
              {
                "name": "admin",
                "description": "Administrator",
                "composite": true,
                "composites": {
                  "realm": [
                    "user"
                  ],
                  "client": {
                    "realm-management": [
                      "realm-admin"
                    ]
                  }
                }
              },
              {
                "name": "syncer",
                "description": "syncer",
                "composite": true,
                "composites": {
                  "client": {
                    "realm-management": [
                      "view-users"
                    ]
                  }
                }
              }
            ]
          },
          "users": [
            {
              "username": "admin",
              "enabled": true,
              "credentials": [
                {
                  "type": "password",
                  "value": "xxxx",
                  "temporary": true
                }
              ],
              "requiredActions": [
                "UPDATE_PASSWORD"
              ],
              "realmRoles": [
                "admin"
              ]
            },
            {
              "username": "syncer",
              "enabled": true,
              "credentials": [
                {
                  "type": "password",
                  "value": "xxxx",
                  "temporary": false
                }
              ],
              "realmRoles": [
                "syncer"
              ]
            }
          ],
          "scopeMappings": [
            {
              "client": "cryptomatorhub",
              "roles": [
                "user",
                "admin"
              ]
            }
          ],
          "clients": [
            {
              "clientId": "cryptomatorhub",
              "serviceAccountsEnabled": false,
              "publicClient": true,
              "name": "Cryptomator Hub",
              "enabled": true,
              "redirectUris": [
                "https://cryptomatorhub.xxx.net/*"
              ],
              "webOrigins": [
                "+"
              ],
              "bearerOnly": false,
              "frontchannelLogout": false,
              "protocol": "openid-connect",
              "attributes": {
                "pkce.code.challenge.method": "S256"
              },
              "protocolMappers": [
                {
                  "name": "realm roles",
                  "protocol": "openid-connect",
                  "protocolMapper": "oidc-usermodel-realm-role-mapper",
                  "consentRequired": false,
                  "config": {
                    "access.token.claim": "true",
                    "claim.name": "realm_access.roles",
                    "jsonType.label": "String",
                    "multivalued": "true"
                  }
                },
                {
                  "name": "client roles",
                  "protocol": "openid-connect",
                  "protocolMapper": "oidc-usermodel-client-role-mapper",
                  "consentRequired": false,
                  "config": {
                    "access.token.claim": "true",
                    "claim.name": "resource_access.$${client_id}.roles",
                    "jsonType.label": "String",
                    "multivalued": "true"
                  }
                }
              ]
            },
            {
              "clientId": "cryptomator",
              "serviceAccountsEnabled": false,
              "publicClient": true,
              "name": "Cryptomator App",
              "enabled": true,
              "redirectUris": [
                "http://127.0.0.1/*"
              ],
              "webOrigins": [
                "+"
              ],
              "bearerOnly": false,
              "frontchannelLogout": false,
              "protocol": "openid-connect",
              "attributes": {
                "pkce.code.challenge.method": "S256"
              }
            }
          ],
          "browserSecurityHeaders": {
            "contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self' https://cryptomatorhub.xxx.net/; object-src 'none';"
          }
        }
        EOF
  postgres:
    depends_on:
      init-config:
        condition: service_completed_successfully
    image: postgres:14-alpine
    volumes:
      - db-init:/docker-entrypoint-initdb.d
      - db-data:/var/lib/postgresql/data
    deploy:
      resources:
        limits:
          cpus: '1.0'
          memory: 256M
    healthcheck:
      test:
        - CMD
        - pg_isready
        - '-U'
        - postgres
      interval: 10s
      timeout: 3s
    restart: unless-stopped
    environment:
      POSTGRES_PASSWORD: xxxx
      POSTGRES_INITDB_ARGS: '--encoding=UTF8'
    networks:
      - hub-internal
    labels:
      - traefik.enable=false
  keycloak:
    depends_on:
      init-config:
        condition: service_completed_successfully
      postgres:
        condition: service_healthy
    image: ghcr.io/cryptomator/keycloak:22.0.5
    command: start --optimized --import-realm
    volumes:
      - kc-config:/opt/keycloak/data/import
    deploy:
      resources:
        limits:
          cpus: '1.0'
          memory: 1024M
    healthcheck:
      test:
        - CMD
        - curl
        - '-f'
        - http://localhost:8080/kc/health/live
      interval: 60s
      timeout: 3s
    restart: unless-stopped
    environment:
      KEYCLOAK_ADMIN: admin
      KEYCLOAK_ADMIN_PASSWORD: xxxx
      KC_DB: postgres
      KC_DB_URL: jdbc:postgresql://postgres:5432/keycloak
      KC_DB_USERNAME: keycloak
      KC_DB_PASSWORD: xxxx
      KC_HEALTH_ENABLED: 'true'
      KC_HOSTNAME: cryptomatorhub.xxx.net
      KC_HTTP_ENABLED: 'true'
      KC_PROXY: edge
      KC_HTTP_RELATIVE_PATH: /kc
    networks:
      - proxy
      - hub-internal
    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=proxy"
    
      - "traefik.http.routers.keycloak-https.rule=Host(`cryptomatorhub.xxx.net`) && PathPrefix(`/kc`)"
      - "traefik.http.routers.keycloak-https.entrypoints=websecure"
      - "traefik.http.routers.keycloak-https.tls=true"
      - "traefik.http.routers.keycloak-https.tls.certresolver=letsencrypt"
      - "traefik.http.routers.keycloak-https.service=keycloak"
      - "traefik.http.services.keycloak.loadbalancer.server.port=8080"
  hub:
    depends_on:
      keycloak:
        condition: service_healthy
      postgres:
        condition: service_healthy
    image: ghcr.io/cryptomator/hub:1.3.1
    deploy:
      resources:
        limits:
          cpus: '1.0'
          memory: 512M
    healthcheck:
      test:
        - CMD-SHELL
        - (curl -f http://localhost:8080/q/health/live && curl -f http://localhost:8080/api/config) || exit 1
      interval: 10s
      timeout: 3s
    restart: unless-stopped
    environment:
      HUB_PUBLIC_ROOT_PATH: /
      HUB_KEYCLOAK_PUBLIC_URL: https://cryptomatorhub.xxx.net/kc
      HUB_KEYCLOAK_LOCAL_URL: http://keycloak:8080/kc
      HUB_KEYCLOAK_REALM: cryptomator
      HUB_KEYCLOAK_SYNCER_USERNAME: syncer
      HUB_KEYCLOAK_SYNCER_PASSWORD: xxxx
      HUB_KEYCLOAK_SYNCER_CLIENT_ID: admin-cli
      HUB_KEYCLOAK_SYNCER_PERIOD: 5m
      HUB_KEYCLOAK_OIDC_CRYPTOMATOR_CLIENT_ID: cryptomator
      QUARKUS_OIDC_AUTH_SERVER_URL: http://keycloak:8080/kc/realms/cryptomator
      QUARKUS_OIDC_TOKEN_ISSUER: https://cryptomatorhub.xxx.net/kc/realms/cryptomator
      QUARKUS_OIDC_CLIENT_ID: cryptomatorhub
      QUARKUS_DATASOURCE_JDBC_URL: jdbc:postgresql://postgres:5432/hub
      QUARKUS_DATASOURCE_USERNAME: hub
      QUARKUS_DATASOURCE_PASSWORD: xxxx
      QUARKUS_HTTP_HEADER__CONTENT_SECURITY_POLICY__VALUE: default-src 'self'; connect-src 'self' api.cryptomator.org https://cryptomatorhub.xxx.net/kc/; object-src 'none'; child-src 'self'; img-src * data:; frame-ancestors 'none'
    networks:
      - proxy
      - hub-internal
    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=proxy"
    
      - "traefik.http.routers.hub-https.rule=Host(`cryptomatorhub.xxx.net`)"
      - "traefik.http.routers.hub-https.entrypoints=websecure"
      - "traefik.http.routers.hub-https.tls=true"
      - "traefik.http.routers.hub-https.tls.certresolver=letsencrypt"
      - "traefik.http.routers.hub-https.service=hub"
      - "traefik.http.services.hub.loadbalancer.server.port=8080"
      
volumes:
  kc-config: {}
  db-init: {}
  db-data: {}

I removed passwords and personal information.
With 'image: ghcr.io/cryptomator/hub:1.3.0' everything works fine, but with 1.3.1 (as in the docker compose file here) I get the error.

@infeo
Member

infeo commented Jan 16, 2024

@Christopher87R On what CPU platform are you building the image? The error indicates that the wrong CPU architecture is used (e.g. running a Docker image built on aarch64 on an amd64 system).

@infeo infeo added state:awaiting-response We need further input from the issue author and removed state:awaiting-response We need further input from the issue author labels Jan 16, 2024
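
The platform check suggested above can be done before switching tags. This is an added example, not part of the original thread or the project's code: it reads the JSON printed by `docker manifest inspect <image>` and reports whether the tag publishes an image for the host architecture. It assumes the standard manifest-list / OCI image index layout; the two sample indexes are constructed and are not the real manifests of any hub tag.

```python
import json
import platform

# uname -m style names mapped to the GOARCH-style names used in image manifests.
_ARCH_ALIASES = {"x86_64": "amd64", "amd64": "amd64",
                 "aarch64": "arm64", "arm64": "arm64"}


def host_platform(machine=None, os_name="linux"):
    """Return the host platform as 'os/arch' in manifest notation."""
    machine = (machine or platform.machine()).lower()
    return f"{os_name}/{_ARCH_ALIASES.get(machine, machine)}"


def published_platforms(index_json):
    """Platforms listed in a manifest list / OCI image index.

    Returns an empty set for a single-platform manifest (no 'manifests' key).
    """
    doc = json.loads(index_json)
    found = set()
    for entry in doc.get("manifests", []):
        plat = entry.get("platform", {})
        os_name, arch = plat.get("os"), plat.get("architecture")
        # Attestation entries carry unknown/unknown and are not runnable images.
        if not os_name or not arch or "unknown" in (os_name, arch):
            continue
        found.add(f"{os_name}/{arch}")
    return found


def tag_supports_host(index_json, machine=None):
    """True if the index publishes an image for the given (or current) host."""
    return host_platform(machine) in published_platforms(index_json)


# Constructed sample indexes (NOT the real manifests of any hub tag).
MULTI_ARCH = json.dumps({"manifests": [
    {"platform": {"os": "linux", "architecture": "amd64"}},
    {"platform": {"os": "linux", "architecture": "arm64", "variant": "v8"}},
    {"platform": {"os": "unknown", "architecture": "unknown"}},
]})
AMD64_ONLY = json.dumps({"manifests": [
    {"platform": {"os": "linux", "architecture": "amd64"}},
]})

if __name__ == "__main__":
    for name, idx in (("multi-arch", MULTI_ARCH), ("amd64-only", AMD64_ONLY)):
        print(name, sorted(published_platforms(idx)), tag_supports_host(idx, "aarch64"))
```

An empty result from `published_platforms` means the tag is a single-platform image, whose architecture has to be read from the pulled image itself (for example with `docker image inspect`).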
@Christopher87R
Author

It is running on an aarch64 machine but worked with label 1.3.0.

@torad80

torad80 commented Nov 2, 2024

Can confirm this is a platform issue!
Today I tried the :stable tag, but the container keeps looping and restarting with the "exec /opt/java/openjdk/bin/java: exec format error" error in the logs.
I manually changed the image to version 1.3.0 and the container started without any error.

I assume the new image (tag stable) was created faultily.
