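I ran into some difficulty updating SonarQube from version 9.8 to 9.9.1. cacerts is in the correct location in both versions, but for some reason the build reports (No such file or directory) for version 9.9.1.
Dockerfile for version 9.8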
FROM sonarqube:9.8-developer
SHELL ["/bin/bash", "-c"]
COPY ./cert/* /tmp/
# Import certs
RUN keytool -import -v -trustcacerts -alias my_ca -file /tmp/rootCert.pem \
-keystore /usr/lib/jvm/java-17-openjdk/jre/lib/security/cacerts -noprompt -storepass changeit
RUN keytool -import -v -trustcacerts -alias my_ca_intermediate -file /tmp/rootca-intermediate.pem \
-keystore /usr/lib/jvm/java-17-openjdk/jre/lib/security/cacerts -noprompt -storepass changeit
COPY ./sonar.properties /opt/sonarqube/conf/
The build succeeds, as shown in the following log
$ docker build -t sonar98-troubleshooting:9.8-developer-troubleshooting --no-cache .
[+] Building 6.4s (10/10) FINISHED
=> [internal] load build definition from Dockerfile 0.0s
=> => transferring dockerfile: 561B 0.0s
=> [internal] load .dockerignore 0.0s
=> => transferring context: 2B 0.0s
=> [internal] load metadata for docker.io/library/sonarqube:9.8-developer 2.3s
=> CACHED [1/5] FROM docker.io/library/sonarqube:9.8-developer@sha256:a73ecba149df1ebb84f0dc483657ab6cdcf8ed5c6cb72964630fb12b043ccc9c 0.0s
=> [internal] load build context 0.0s
=> => transferring context: 147B 0.0s
=> [2/5] COPY ./cert/* /tmp/ 0.1s
=> [3/5] RUN keytool -import -v -trustcacerts -alias my_ca -file /tmp/rootCert.pem -keystore /usr/lib/jvm/java-17-openjdk/jre/lib/security/cacerts -noprompt -storepass changeit 1.9s
=> [4/5] RUN keytool -import -v -trustcacerts -alias my_ca_intermediate -file /tmp/rootca-intermediate.pem -keystore /usr/lib/jvm/java-17-openjdk/jre/lib/security/cacerts -noprompt -storepass changei 1.6s
=> [5/5] COPY ./sonar.properties /opt/sonarqube/conf/ 0.1s
=> exporting to image 0.2s
=> => exporting layers 0.1s
=> => writing image sha256:7abe6db583cd18026362198924549c806c1ce36def7b46796c6e8f613c97bb1f 0.0s
=> => naming to docker.io/library/sonar98-troubleshooting:9.8-developer-troubleshooting
Dockerfile for version 9.9.1
FROM sonarqube:9.9.1-developer
SHELL ["/bin/bash", "-c"]
COPY ./cert/* /tmp/
# Import certs
RUN keytool -import -v -trustcacerts -alias my_ca -file /tmp/rootCert.pem \
-keystore /usr/lib/jvm/java-17-openjdk/jre/lib/security/cacerts -noprompt -storepass changeit
RUN keytool -import -v -trustcacerts -alias my_ca_intermediate -file /tmp/rootca-intermediate.pem \
-keystore /usr/lib/jvm/java-17-openjdk/jre/lib/security/cacerts -noprompt -storepass changeit
COPY ./sonar.properties /opt/sonarqube/conf/
The build shows an error, even though "/usr/lib/jvm/java-17-openjdk/jre/lib/security/cacerts" is a valid location/file, as shown in the following log
$ docker build -t sonar991-troubleshooting:9.9.1-developer-troubleshooting --no-cache .
[+] Building 3.1s (7/9)
=> [internal] load build definition from Dockerfile 0.0s
=> => transferring dockerfile: 563B 0.0s
=> [internal] load .dockerignore 0.0s
=> => transferring context: 2B 0.0s
=> [internal] load metadata for docker.io/library/sonarqube:9.9.1-developer 1.0s
=> [internal] load build context 0.0s
=> => transferring context: 147B 0.0s
=> CACHED [1/5] FROM docker.io/library/sonarqube:9.9.1-developer@sha256:d231773f02bf99229353792408e96ad75c537d0f93ce66f67dcd61dc9e2e40d9 0.0s
=> [2/5] COPY ./cert/* /tmp/ 0.1s
=> ERROR [3/5] RUN keytool -import -v -trustcacerts -alias my_ca -file /tmp/rootCert.pem -keystore /usr/lib/jvm/java-17-openjdk/jre/lib/security/cacerts -noprompt -storepass changeit 1.8s
------
> [3/5] RUN keytool -import -v -trustcacerts -alias my_ca -file /tmp/rootCert.pem -keystore /usr/lib/jvm/java-17-openjdk/jre/lib/security/cacerts -noprompt -storepass changeit:
#7 1.451 Certificate was added to keystore
#7 1.451 [Storing /usr/lib/jvm/java-17-openjdk/jre/lib/security/cacerts]
#7 1.777 keytool error: java.io.FileNotFoundException: /usr/lib/jvm/java-17-openjdk/jre/lib/security/cacerts (No such file or directory)
#7 1.778 java.io.FileNotFoundException: /usr/lib/jvm/java-17-openjdk/jre/lib/security/cacerts (No such file or directory)
#7 1.781 at java.base/java.io.FileOutputStream.open0(Native Method)
#7 1.781 at java.base/java.io.FileOutputStream.open(Unknown Source)
#7 1.782 at java.base/java.io.FileOutputStream.<init>(Unknown Source)
#7 1.783 at java.base/java.io.FileOutputStream.<init>(Unknown Source)
#7 1.783 at java.base/sun.security.tools.keytool.Main.doCommands(Unknown Source)
#7 1.783 at java.base/sun.security.tools.keytool.Main.run(Unknown Source)
#7 1.783 at java.base/sun.security.tools.keytool.Main.main(Unknown Source)
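First, you should use the JAVA_HOME environment variable. In my installation, the keystore is located at /opt/java/openjdk/lib/security/cacerts
I had another problem with my keystore as well. My problem was that I did not have permission to add certificates to the keystore file.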
USER root
RUN keytool -import -v -trustcacerts -alias ipa -file /tmp/ca-cert.pem \
-keystore /${JAVA_HOME}/lib/security/cacerts -noprompt -storepass changeit
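The two points in the answer above (resolve the trust store from JAVA_HOME, and check write permission before importing) can be combined in a small script that a RUN step calls. This is an added example, not code from the original question or answer; the function names `find_cacerts` and `import_ca` are hypothetical, the `changeit` store password is the one used on this page, and checking the legacy `jre/lib/security` layout as well goes beyond the single path the answer mentions.

```shell
#!/bin/sh
# Added example (not from the original post): locate the JDK trust store
# from JAVA_HOME instead of hard-coding a path, then import a CA into it.

# Print the cacerts path under a given JDK home; return 1 if none exists.
# Checks the JDK 9+ layout (lib/security) first, then the legacy JDK 8
# layout (jre/lib/security).
find_cacerts() {
    jdk_home=$1
    [ -n "$jdk_home" ] || { echo "JAVA_HOME is not set" >&2; return 1; }
    for rel in lib/security/cacerts jre/lib/security/cacerts; do
        if [ -f "$jdk_home/$rel" ]; then
            printf '%s\n' "$jdk_home/$rel"
            return 0
        fi
    done
    echo "no cacerts under $jdk_home" >&2
    return 1
}

# Import one PEM certificate under the given alias. Fails early, with a
# distinct exit code, when the store is missing (1), the PEM is unreadable
# (2), or the store is not writable by the current user (3).
import_ca() {
    alias_name=$1
    pem=$2
    store=$(find_cacerts "${JAVA_HOME:-}") || return 1
    [ -r "$pem" ] || { echo "cannot read $pem" >&2; return 2; }
    [ -w "$store" ] || { echo "$store not writable by $(id -un)" >&2; return 3; }
    keytool -importcert -trustcacerts -noprompt -alias "$alias_name" \
        -file "$pem" -keystore "$store" -storepass changeit || return 4
    # Confirm the entry is really in the store before the build continues.
    keytool -list -alias "$alias_name" -keystore "$store" \
        -storepass changeit >/dev/null
}

# Usage: import-ca.sh <alias> <pem-file>
if [ "$#" -eq 2 ]; then
    import_ca "$1" "$2"
fi
```

When the import step needs `USER root`, as in the answer, the Dockerfile can switch back to the base image's non-root user afterwards so the server process does not run as root.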