docker-compose cannot find the certificate file when mounting a volume


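I am running a Spring Cloud Stream application inside a Docker container and need to mount certificates to authenticate to a remote endpoint, but I keep getting a java.nio.file.NoSuchFileException when starting the container. Below are my docker-compose and .env.local environment files: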

# SECURE PROPS
KEYSTORE_FILE=/etc/pki/java/c4-dev-percolate.p12
KEYSTORE_PASSWORD=changeme
KEYSTORE_TYPE=PKCS12
TRUSTSTORE_FILE=/etc/pki/java/alltrusted.p12
TRUSTSTORE_PASSWORD=changeit
TRUSTSTORE_TYPE=PKCS12

# KAFKA PROPERTIES
KAFKA_BROKERS=al-dev-kafka-0:9092,al-dev-kafka-1:9092
KAFKA_SECURITY_PROTOCOL=SSL
KAFKA_IN_TOPIC=c4.dev.percolate.results
KAFKA_OUT_TOPIC=c4.dev.percolate.consumer.results
KAFKA_ERROR_TOPIC=c4.dev.percolate.errors
KAFKA_PERCOLATE_TOPIC_READER_GROUP=c4.dev.percolate.ingest.consumers

# SPRING PROPERTIES
SPRING_APPLICATION_NAME=al-rap-message-delivery
SPRING_LOG_LEVEL=DEBUG

My /etc/pki/java directory contains the following files:

[tblackg@al-dev-tblackg java]$ pwd
/etc/pki/java
[tblackg@al-dev-tblackg java]$ ls -la
total 28
drwxr-xr-x  5 root root  237 Apr 13 18:08 .
drwxr-xr-x 10 root root  116 Apr  9  2019 ..
drwxr-xr-x  2 root root  250 Mar 21 17:33 al-dev-kafka
-rw-r--r--  1 root root 3466 Mar 28 16:33 alltrusted.p12
-rw-r--r--  1 root root 3085 Mar 23 19:00 c4-dev-percolate.p12
-rw-r--r--  1 root root 3173 Apr 13 18:08 c4-dev-query-api.p12
lrwxrwxrwx  1 root root   40 Mar  6 18:23 cacerts -> /etc/pki/ca-trust/extracted/java/cacerts
-rw-r--r--  1 root root 3165 Feb 13 15:02 identity.p12

Here is my docker-compose.yml:

---
version: '3'
services:
  al-rap-dev-message-delivery:
    container_name: al-rap-dev-message-delivery
    build: ./
    image: al-rap-message-delivery:latest
    env_file: ./.env.dev
    environment:
      - "spring.profiles.active=dev"
    volumes:
      - /etc/pki/java/c4-dev-percolate.p12:/etc/pki/java/identity.p12 
      - /etc/pki/java/alltrusted.p12:/etc/pki/java/alltrusted.p12

When I run docker-compose up, I get the following stack trace:

java.nio.file.NoSuchFileException: /etc/pki/java/c4-dev-percolate.p12
al-rap-dev-message-delivery  |  at java.base/sun.nio.fs.UnixException.translateToIOException(UnixException.java:92) ~[na:na]
al-rap-dev-message-delivery  |  at java.base/sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:111) ~[na:na]
al-rap-dev-message-delivery  |  at java.base/sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:116) ~[na:na]
al-rap-dev-message-delivery  |  at java.base/sun.nio.fs.UnixFileAttributeViews$Basic.readAttributes(UnixFileAttributeViews.java:55) ~[na:na]
al-rap-dev-message-delivery  |  at java.base/sun.nio.fs.UnixFileSystemProvider.readAttributes(UnixFileSystemProvider.java:149) ~[na:na]
al-rap-dev-message-delivery  |  at java.base/sun.nio.fs.LinuxFileSystemProvider.readAttributes(LinuxFileSystemProvider.java:99) ~[na:na]
al-rap-dev-message-delivery  |  at java.base/java.nio.file.Files.readAttributes(Files.java:1764) ~[na:na]
al-rap-dev-message-delivery  |  at java.base/java.nio.file.Files.getLastModifiedTime(Files.java:2315) ~[na:na]
al-rap-dev-message-delivery  |  at org.apache.kafka.common.security.ssl.DefaultSslEngineFactory$FileBasedStore.lastModifiedMs(DefaultSslEngineFactory.java:383) ~[kafka-clients-2.7.1.jar!/:na]
al-rap-dev-message-delivery  |  at org.apache.kafka.common.security.ssl.DefaultSslEngineFactory$FileBasedStore.<init>(DefaultSslEngineFactory.java:348) ~[kafka-clients-2.7.1.jar!/:na]
al-rap-dev-message-delivery  |  at org.apache.kafka.common.security.ssl.DefaultSslEngineFactory.createKeystore(DefaultSslEngineFactory.java:299) ~[kafka-clients-2.7.1.jar!/:na]
al-rap-dev-message-delivery  |  at org.apache.kafka.common.security.ssl.DefaultSslEngineFactory.configure(DefaultSslEngineFactory.java:161) ~[kafka-clients-2.7.1.jar!/:na]
al-rap-dev-message-delivery  |  at org.apache.kafka.common.security.ssl.SslFactory.instantiateSslEngineFactory(SslFactory.java:136) ~[kafka-clients-2.7.1.jar!/:na]
al-rap-dev-message-delivery  |  at org.apache.kafka.common.security.ssl.SslFactory.configure(SslFactory.java:93) ~[kafka-clients-2.7.1.jar!/:na]
al-rap-dev-message-delivery  |  at org.apache.kafka.common.network.SslChannelBuilder.configure(SslChannelBuilder.java:72) ~[kafka-clients-2.7.1.jar!/:na]
al-rap-dev-message-delivery  |  at org.apache.kafka.common.network.ChannelBuilders.create(ChannelBuilders.java:157) ~[kafka-clients-2.7.1.jar!/:na]
al-rap-dev-message-delivery  |  at org.apache.kafka.common.network.ChannelBuilders.clientChannelBuilder(ChannelBuilders.java:73) ~[kafka-clients-2.7.1.jar!/:na]
al-rap-dev-message-delivery  |  at org.apache.kafka.clients.ClientUtils.createChannelBuilder(ClientUtils.java:105) ~[kafka-clients-2.7.1.jar!/:na]
al-rap-dev-message-delivery  |  at org.apache.kafka.clients.admin.KafkaAdminClient.createInternal(KafkaAdminClient.java:508) ~[kafka-clients-2.7.1.jar!/:na]
al-rap-dev-message-delivery  |  at org.apache.kafka.clients.admin.Admin.create(Admin.java:75) ~[kafka-clients-2.7.1.jar!/:na]
al-rap-dev-message-delivery  |  at org.apache.kafka.clients.admin.AdminClient.create(AdminClient.java:49) ~[kafka-clients-2.7.1.jar!/:na]
al-rap-dev-message-delivery  |  at org.springframework.cloud.stream.binder.kafka.provisioning.KafkaTopicProvisioner.createAdminClient(KafkaTopicProvisioner.java:260) ~[spring-cloud-stream-binder-kafka-core-3.1.6.jar!/:3.1.6]
al-rap-dev-message-delivery  |  at org.springframework.cloud.stream.binder.kafka.provisioning.KafkaTopicProvisioner.provisionProducerDestination(KafkaTopicProvisioner.java:161) ~[spring-cloud-stream-binder-kafka-core-3.1.6.jar!/:3.1.6]
al-rap-dev-message-delivery  |  at org.springframework.cloud.stream.binder.kafka.provisioning.KafkaTopicProvisioner.provisionProducerDestination(KafkaTopicProvisioner.java:86) ~[spring-cloud-stream-binder-kafka-core-3.1.6.jar!/:3.1.6]
al-rap-dev-message-delivery  |  at org.springframework.cloud.stream.binder.AbstractMessageChannelBinder.doBindProducer(AbstractMessageChannelBinder.java:233) ~[spring-cloud-stream-3.1.6.jar!/:3.1.6]
al-rap-dev-message-delivery  |  at org.springframework.cloud.stream.binder.AbstractMessageChannelBinder.doBindProducer(AbstractMessageChannelBinder.java:92) ~[spring-cloud-stream-3.1.6.jar!/:3.1.6]
al-rap-dev-message-delivery  |  at org.springframework.cloud.stream.binder.AbstractBinder.bindProducer(AbstractBinder.java:152) ~[spring-cloud-stream-3.1.6.jar!/:3.1.6]
al-rap-dev-message-delivery  |  at org.springframework.cloud.stream.binding.BindingService.lambda$rescheduleProducerBinding$4(BindingService.java:346) ~[spring-cloud-stream-3.1.6.jar!/:3.1.6]
al-rap-dev-message-delivery  |  at org.springframework.scheduling.support.DelegatingErrorHandlingRunnable.run(DelegatingErrorHandlingRunnable.java:54) ~[spring-context-5.3.10.jar!/:5.3.10]
al-rap-dev-message-delivery  |  at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515) ~[na:na]
al-rap-dev-message-delivery  |  at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264) ~[na:na]
al-rap-dev-message-delivery  |  at java.base/java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:304) ~[na:na]
al-rap-dev-message-delivery  |  at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128) ~[na:na]
al-rap-dev-message-delivery  |  at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628) ~[na:na]
al-rap-dev-message-delivery  |  at java.base/java.lang.Thread.run(Thread.java:829) ~[na:na]
al-rap-dev-message-delivery  | 
al-rap-dev-message-delivery  | 2023-04-18 00:26:05.924  INFO 7 --- [   scheduling-1] org.apache.kafka.common.metrics.Metrics  : Metrics scheduler closed
al-rap-dev-message-delivery  | 2023-04-18 00:26:05.924  INFO 7 --- [   scheduling-1] org.apache.kafka.common.metrics.Metrics  : Closing reporter org.apache.kafka.common.metrics.JmxReporter
al-rap-dev-message-delivery  | 2023-04-18 00:26:05.924  INFO 7 --- [   scheduling-1] org.apache.kafka.common.metrics.Metrics  : Metrics reporters closed
al-rap-dev-message-delivery  | 2023-04-18 00:26:05.925 ERROR 7 --- [   scheduling-1] o.s.cloud.stream.binding.BindingService  : Failed to create producer binding; retrying in 30 seconds
al-rap-dev-message-delivery  | 
al-rap-dev-message-delivery  | org.springframework.cloud.stream.binder.BinderException: Exception thrown while building outbound endpoint
al-rap-dev-message-delivery  |  at org.springframework.cloud.stream.binder.AbstractMessageChannelBinder.doBindProducer(AbstractMessageChannelBinder.java:251) ~[spring-cloud-stream-3.1.6.jar!/:3.1.6]
al-rap-dev-message-delivery  |  at org.springframework.cloud.stream.binder.AbstractMessageChannelBinder.doBindProducer(AbstractMessageChannelBinder.java:92) ~[spring-cloud-stream-3.1.6.jar!/:3.1.6]
al-rap-dev-message-delivery  |  at org.springframework.cloud.stream.binder.AbstractBinder.bindProducer(AbstractBinder.java:152) ~[spring-cloud-stream-3.1.6.jar!/:3.1.6]
al-rap-dev-message-delivery  |  at org.springframework.cloud.stream.binding.BindingService.lambda$rescheduleProducerBinding$4(BindingService.java:346) ~[spring-cloud-stream-3.1.6.jar!/:3.1.6]
al-rap-dev-message-delivery  |  at org.springframework.scheduling.support.DelegatingErrorHandlingRunnable.run(DelegatingErrorHandlingRunnable.java:54) ~[spring-context-5.3.10.jar!/:5.3.10]
al-rap-dev-message-delivery  |  at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515) ~[na:na]
al-rap-dev-message-delivery  |  at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264) ~[na:na]
al-rap-dev-message-delivery  |  at java.base/java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:304) ~[na:na]
al-rap-dev-message-delivery  |  at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128) ~[na:na]
al-rap-dev-message-delivery  |  at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628) ~[na:na]
al-rap-dev-message-delivery  |  at java.base/java.lang.Thread.run(Thread.java:829) ~[na:na]
al-rap-dev-message-delivery  | Caused by: org.apache.kafka.common.KafkaException: Failed to create new KafkaAdminClient
al-rap-dev-message-delivery  |  at org.apache.kafka.clients.admin.KafkaAdminClient.createInternal(KafkaAdminClient.java:535) ~[kafka-clients-2.7.1.jar!/:na]
al-rap-dev-message-delivery  |  at org.apache.kafka.clients.admin.Admin.create(Admin.java:75) ~[kafka-clients-2.7.1.jar!/:na]
al-rap-dev-message-delivery  |  at org.apache.kafka.clients.admin.AdminClient.create(AdminClient.java:49) ~[kafka-clients-2.7.1.jar!/:na]
al-rap-dev-message-delivery  |  at org.springframework.cloud.stream.binder.kafka.provisioning.KafkaTopicProvisioner.createAdminClient(KafkaTopicProvisioner.java:260) ~[spring-cloud-stream-binder-kafka-core-3.1.6.jar!/:3.1.6]
al-rap-dev-message-delivery  |  at org.springframework.cloud.stream.binder.kafka.provisioning.KafkaTopicProvisioner.provisionProducerDestination(KafkaTopicProvisioner.java:161) ~[spring-cloud-stream-binder-kafka-core-3.1.6.jar!/:3.1.6]
al-rap-dev-message-delivery  |  at org.springframework.cloud.stream.binder.kafka.provisioning.KafkaTopicProvisioner.provisionProducerDestination(KafkaTopicProvisioner.java:86) ~[spring-cloud-stream-binder-kafka-core-3.1.6.jar!/:3.1.6]
al-rap-dev-message-delivery  |  at org.springframework.cloud.stream.binder.AbstractMessageChannelBinder.doBindProducer(AbstractMessageChannelBinder.java:233) ~[spring-cloud-stream-3.1.6.jar!/:3.1.6]
al-rap-dev-message-delivery  |  ... 10 common frames omitted
al-rap-dev-message-delivery  | Caused by: org.apache.kafka.common.KafkaException: Failed to load SSL keystore /etc/pki/java/c4-dev-percolate.p12 of type PKCS12
al-rap-dev-message-delivery  |  at org.apache.kafka.common.security.ssl.DefaultSslEngineFactory$FileBasedStore.load(DefaultSslEngineFactory.java:377) ~[kafka-clients-2.7.1.jar!/:na]
al-rap-dev-message-delivery  |  at org.apache.kafka.common.security.ssl.DefaultSslEngineFactory$FileBasedStore.<init>(DefaultSslEngineFactory.java:349) ~[kafka-clients-2.7.1.jar!/:na]
al-rap-dev-message-delivery  |  at org.apache.kafka.common.security.ssl.DefaultSslEngineFactory.createKeystore(DefaultSslEngineFactory.java:299) ~[kafka-clients-2.7.1.jar!/:na]
al-rap-dev-message-delivery  |  at org.apache.kafka.common.security.ssl.DefaultSslEngineFactory.configure(DefaultSslEngineFactory.java:161) ~[kafka-clients-2.7.1.jar!/:na]
al-rap-dev-message-delivery  |  at org.apache.kafka.common.security.ssl.SslFactory.instantiateSslEngineFactory(SslFactory.java:136) ~[kafka-clients-2.7.1.jar!/:na]
al-rap-dev-message-delivery  |  at org.apache.kafka.common.security.ssl.SslFactory.configure(SslFactory.java:93) ~[kafka-clients-2.7.1.jar!/:na]
al-rap-dev-message-delivery  |  at org.apache.kafka.common.network.SslChannelBuilder.configure(SslChannelBuilder.java:72) ~[kafka-clients-2.7.1.jar!/:na]
al-rap-dev-message-delivery  |  at org.apache.kafka.common.network.ChannelBuilders.create(ChannelBuilders.java:157) ~[kafka-clients-2.7.1.jar!/:na]
al-rap-dev-message-delivery  |  at org.apache.kafka.common.network.ChannelBuilders.clientChannelBuilder(ChannelBuilders.java:73) ~[kafka-clients-2.7.1.jar!/:na]
al-rap-dev-message-delivery  |  at org.apache.kafka.clients.ClientUtils.createChannelBuilder(ClientUtils.java:105) ~[kafka-clients-2.7.1.jar!/:na]
al-rap-dev-message-delivery  |  at org.apache.kafka.clients.admin.KafkaAdminClient.createInternal(KafkaAdminClient.java:508) ~[kafka-clients-2.7.1.jar!/:na]
al-rap-dev-message-delivery  |  ... 16 common frames omitted
al-rap-dev-message-delivery  | Caused by: java.nio.file.NoSuchFileException: /etc/pki/java/c4-dev-percolate.p12
al-rap-dev-message-delivery  |  at java.base/sun.nio.fs.UnixException.translateToIOException(UnixException.java:92) ~[na:na]
al-rap-dev-message-delivery  |  at java.base/sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:111) ~[na:na]
al-rap-dev-message-delivery  |  at java.base/sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:116) ~[na:na]
al-rap-dev-message-delivery  |  at java.base/sun.nio.fs.UnixFileSystemProvider.newByteChannel(UnixFileSystemProvider.java:219) ~[na:na]
al-rap-dev-message-delivery  |  at java.base/java.nio.file.Files.newByteChannel(Files.java:371) ~[na:na]
al-rap-dev-message-delivery  |  at java.base/java.nio.file.Files.newByteChannel(Files.java:422) ~[na:na]
al-rap-dev-message-delivery  |  at java.base/java.nio.file.spi.FileSystemProvider.newInputStream(FileSystemProvider.java:420) ~[na:na]
al-rap-dev-message-delivery  |  at java.base/java.nio.file.Files.newInputStream(Files.java:156) ~[na:na]
al-rap-dev-message-delivery  |  at org.apache.kafka.common.security.ssl.DefaultSslEngineFactory$FileBasedStore.load(DefaultSslEngineFactory.java:370) ~[kafka-clients-2.7.1.jar!/:na]
al-rap-dev-message-delivery  |  ... 26 common frames omitted

I don't understand why it says it can't find the c4-dev-percolate.p12 file when it clearly exists in the directory. Any help would be appreciated. What am I missing?

spring docker apache-kafka spring-cloud-stream
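
An added example, not part of the original post: a small check that compares the `*_FILE` paths from the posted env file against the container-side targets of the posted `volumes:` entries, since the path in the stack trace is resolved inside the container, not on the host. The function names and status labels are hypothetical; it assumes short-syntax bind mounts (`host:container[:mode]`), that the image does not already ship the files, and that the env file loaded by the container has the values shown above.

```python
import re

# Relevant lines copied from the question's env file and docker-compose.yml.
ENV_TEXT = """\
KEYSTORE_FILE=/etc/pki/java/c4-dev-percolate.p12
TRUSTSTORE_FILE=/etc/pki/java/alltrusted.p12
"""
COMPOSE_TEXT = """\
    volumes:
      - /etc/pki/java/c4-dev-percolate.p12:/etc/pki/java/identity.p12
      - /etc/pki/java/alltrusted.p12:/etc/pki/java/alltrusted.p12
"""

def env_file_paths(env_text):
    """Return {NAME: path} for *_FILE variables holding an absolute path."""
    out = {}
    for line in env_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        name, value = line.split("=", 1)
        if name.endswith("_FILE") and value.startswith("/"):
            out[name] = value
    return out

def bind_mounts(compose_text):
    """Parse '- host:container[:mode]' lines into (host, container, mode)."""
    pat = re.compile(
        r"^\s*-\s*[\"']?(/[^:\"']*):(/[^:\"'\s]*)(?::([a-zA-Z,]+))?[\"']?\s*$")
    return [m.groups() for m in map(pat.match, compose_text.splitlines()) if m]

def check(env_text, compose_text):
    """Report, per *_FILE variable, whether a mount provides that container path."""
    mounts = bind_mounts(compose_text)
    findings = {}
    for name, path in env_file_paths(env_text).items():
        # A file mount must match exactly; a directory mount covers its children.
        hit = next((m for m in mounts if path == m[1]
                    or path.startswith(m[1].rstrip("/") + "/")), None)
        if hit is None:
            findings[name] = "missing"       # no mount creates this path
        elif "ro" in (hit[2] or "").split(","):
            findings[name] = "mounted-ro"    # read-only, preferred for key material
        else:
            findings[name] = "mounted-rw"    # bind mounts are read-write by default
    return findings

if __name__ == "__main__":
    print(check(ENV_TEXT, COMPOSE_TEXT))
```

On the posted files this reports `KEYSTORE_FILE` as missing, because the host keystore is mounted into the container as `/etc/pki/java/identity.p12` while the application is configured to open `/etc/pki/java/c4-dev-percolate.p12`.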