Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix crashlooping for two services with insufficient privileges on opentelemetry-javaagent.jar. #1348

Merged
merged 3 commits into from
Jan 29, 2024

Conversation

LouisParkin
Copy link
Contributor

@LouisParkin LouisParkin commented Jan 26, 2024

Changes

Changed file access permission (chmod 644 instead of the default 600) for opentelemetry-javaagent.jar as it gets copied into the docker image for services adservice and frauddetectionservice.

This is done for the case where the containers are executed in a secure environment that has runAsRoot: false enforced. In such cases, the user nobody didn't even have read access to the mentioned jar, causing crashlooping for the two mentioned services.

Merge Requirements

For new features contributions please make sure you have completed the following
essential items:

  • CHANGELOG.md updated to document new feature additions
  • Appropriate documentation updates in the docs
  • Appropriate Helm chart updates in the helm-charts

Maintainers will not merge until the above have been completed. If you're unsure
which docs need to be changed ping the
@open-telemetry/demo-approvers.

…g read/write permission on opentelemetry-javaagent.jar. This commit fixes it.
@LouisParkin LouisParkin requested a review from a team January 26, 2024 07:01
Copy link

linux-foundation-easycla bot commented Jan 26, 2024

CLA Signed

The committers listed above are authorized under a signed CLA.

  • ✅ login: LouisParkin / name: Louis Parkin (e081df5, eabce33)
  • ✅ login: julianocosta89 / name: Juliano Costa (13d27fd)

@LouisParkin LouisParkin changed the title These two services don't run as 'nobody' due to root user alone havin… Fix crashlooping for two services with insufficient privileges on opentelemetry-javaagent.jar. Jan 26, 2024
Copy link
Contributor

@puckpuck puckpuck left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you for this

@julianocosta89 julianocosta89 merged commit 120381a into open-telemetry:main Jan 29, 2024
28 checks passed
@LouisParkin LouisParkin deleted the fix-container-no-root branch January 30, 2024 08:48
jmichalak9 pushed a commit to jmichalak9/opentelemetry-demo that referenced this pull request Mar 22, 2024
…ntelemetry-javaagent.jar. (open-telemetry#1348)

* These two services don't run as 'nobofy' due to root user alone having read/write permission on opentelemetry-javaagent.jar. This commit fixes it.

* Updated CHANGELOG.md

* Update CHANGELOG.md

---------

Co-authored-by: Juliano Costa <[email protected]>
dineshg13 pushed a commit to DataDog/opentelemetry-demo that referenced this pull request Apr 2, 2024
* [ffs] - Allow setting initial feature flag values (open-telemetry#1319)

* remove timestamps from FeatureFlag message

Signed-off-by: Pierre Tessier <[email protected]>

* remove timestamps from FeatureFlag message

Signed-off-by: Pierre Tessier <[email protected]>

* init feature flags using sql

Signed-off-by: Pierre Tessier <[email protected]>

* allows initial feature flags values

Signed-off-by: Pierre Tessier <[email protected]>

* Update src/ffs_postgres/20-ffs_data.sql

Co-authored-by: Juliano Costa <[email protected]>

* Remove sporadically from cartServiceFailure

---------

Signed-off-by: Pierre Tessier <[email protected]>
Co-authored-by: Juliano Costa <[email protected]>

* Update affiliation (open-telemetry#1323)

* [cartservice] Bump OTel .NET SDK to 1.7.0 together with other dependencies (open-telemetry#1326)

* Bump .NET/.NET SDK docker images

* Bump OTel .NET SDK to 1.7.0
together with other .NET dependencies

* Changelog

* Fix changelog

* Re-generate protobuf to fix deprecated go modules (open-telemetry#1321)

* [loadgenerator and recommendationservice] Update python base image (open-telemetry#1329)

* update version numbers (open-telemetry#1331)

* [grafana] - update grafana to 10.2.3 (open-telemetry#1332)

* update grafana to 10.2.3

Signed-off-by: Pierre Tessier <[email protected]>

* update grafana to 10.2.3

Signed-off-by: Pierre Tessier <[email protected]>

---------

Signed-off-by: Pierre Tessier <[email protected]>

* [currency] - fix rpc.service attribute (open-telemetry#1333)

* add package name for rpc.service attribute

Signed-off-by: Pierre Tessier <[email protected]>

* add package name for rpc.service attribute

Signed-off-by: Pierre Tessier <[email protected]>

* add package name for rpc.service attribute

Signed-off-by: Pierre Tessier <[email protected]>

* add package name for rpc.service attribute

Signed-off-by: Pierre Tessier <[email protected]>

---------

Signed-off-by: Pierre Tessier <[email protected]>

* use GitHub markdown syntax (open-telemetry#1342)

Signed-off-by: Pierre Tessier <[email protected]>
Co-authored-by: Juliano Costa <[email protected]>

* [frontendproxy] enable envoy environment resource detector (open-telemetry#1291)

* enable envoy environment resource detector for frontendproxy

* use prod envoy and add changelog

* s/v1.29.0/v1.29-latest/

* Add OTEL_RESOURCE_ATTRIBUTES to docker compose defs

---------

Co-authored-by: Cedric Ziel <[email protected]>
Co-authored-by: Pierre Tessier <[email protected]>

* [currency] - fix metricreader export and temporality (open-telemetry#1335)

* default metricreader and exporter options

Signed-off-by: Pierre Tessier <[email protected]>

* default metricreader and exporter options

Signed-off-by: Pierre Tessier <[email protected]>

---------

Signed-off-by: Pierre Tessier <[email protected]>
Co-authored-by: Juliano Costa <[email protected]>

* update to latest helm release (open-telemetry#1341)

Signed-off-by: Pierre Tessier <[email protected]>

* [postgres] Define and use image for postgres (open-telemetry#1338)

* define and use postgres image

Signed-off-by: Pierre Tessier <[email protected]>

* define and use postgres image

Signed-off-by: Pierre Tessier <[email protected]>

* define and use postgres image

Signed-off-by: Pierre Tessier <[email protected]>

* add postgres image

Signed-off-by: Pierre Tessier <[email protected]>

---------

Signed-off-by: Pierre Tessier <[email protected]>
Co-authored-by: Juliano Costa <[email protected]>

* Update wiki url (open-telemetry#1346)

* Update wiki url

* [accountingservice,checkoutservice,productcatalogservice] update wiki link

* Fix crashlooping for two services with insufficient privileges on opentelemetry-javaagent.jar. (open-telemetry#1348)

* These two services don't run as 'nobofy' due to root user alone having read/write permission on opentelemetry-javaagent.jar. This commit fixes it.

* Updated CHANGELOG.md

* Update CHANGELOG.md

---------

Co-authored-by: Juliano Costa <[email protected]>

* Add browser traffic in loadgenerator and export traces in frontend (open-telemetry#1345)

* Add locust_plugins as a dependency

* Increased memory constraints and introduced LOCUST_BROWSER_TRAFFIC_ENABLED environment variable

* Added playwright on load generator docker image

* Inceased delay interval in milliseconds between two consecutive exports

* Use different otel endpoint when request contains the synthetic_request=true header

* Add locust example using playwright. The header synthetic_request is set to true to identify them in the frontend

* Updated changelog

* Use the same otelName (OTEL_COLLECTOR_HOST) for both k8s and docker

* Removed select option event

* Revert - Removed select option event

* Added IS_SYNTHETIC_REQUEST window.env used to set the span web attribute in FrontendTracer.ts

---------

Co-authored-by: Juliano Costa <[email protected]>

* Major version update (version 2.0.0) for OTel Java instrumentation (open-telemetry#1352)

* Major version update (version 2.0.0) for OTel Java instrumentation for
adservice, frauddetectionservice, kafka

The new Java instrumentation uses HTTP as the default export protocol. This PR changes the Java services to export HTTP instead of gRPC.

The new Java instrumentation introduces a lot of new kafka.consumer.* metrics from frauddetectionservice.

* Add CHANGELOG

* Fix CHANGELOG. Update docker-compose.minimal.yml

---------

Co-authored-by: Juliano Costa <[email protected]>

* Align env variables for OTLP ports (open-telemetry#1353)

* Align env variables for OTLP ports. No functional changes.

* Add CHANGELOG

---------

Co-authored-by: Juliano Costa <[email protected]>

* Update dependent services - Collector, Grafana, Jaeger, Prometheus, etc. (open-telemetry#1354)

* Update dependent services - Collector, Grafana, Jaeger, Prometheus, etc.

Move those external service image paths and versions to .env file to make it easier to update them in the future for multiple docker compose files.

* Add CHANGELOG

---------

Co-authored-by: Juliano Costa <[email protected]>

* [opensearch] - Use opensearch exporter & remove dataprepper (open-telemetry#1356)

* use opensearch native exporter

Signed-off-by: Pierre Tessier <[email protected]>

* cleanup opensearch config

Signed-off-by: Pierre Tessier <[email protected]>

* fix opensearch datasource

Signed-off-by: Pierre Tessier <[email protected]>

* fix opensearch datasource

Signed-off-by: Pierre Tessier <[email protected]>

* use opensearch exporter

Signed-off-by: Pierre Tessier <[email protected]>

* remove dataprepper config files

Signed-off-by: Pierre Tessier <[email protected]>

* remove opensearch auth details

Signed-off-by: Pierre Tessier <[email protected]>

* opensearch memory limits

Signed-off-by: Pierre Tessier <[email protected]>

* opensearch memory limits

Signed-off-by: Pierre Tessier <[email protected]>

* remove dataprepper

Signed-off-by: Pierre Tessier <[email protected]>

---------

Signed-off-by: Pierre Tessier <[email protected]>

* [chore] update Go SDKs, & fix metrics filters and transforms (open-telemetry#1357)

* update go SDKs

Signed-off-by: Pierre Tessier <[email protected]>

* remove go metric filters and transforms

Signed-off-by: Pierre Tessier <[email protected]>

* remove go metric filters and transforms

Signed-off-by: Pierre Tessier <[email protected]>

---------

Signed-off-by: Pierre Tessier <[email protected]>

* build(go): upgrade golang:1.21.6 (open-telemetry#1360)

Co-authored-by: Pierre Tessier <[email protected]>

* [chore] update SDKs and remove metric transforms (open-telemetry#1358)

* update python sdks

Signed-off-by: Pierre Tessier <[email protected]>

* remove python metric transform

Signed-off-by: Pierre Tessier <[email protected]>

* update Python SDKs

Signed-off-by: Pierre Tessier <[email protected]>

* fix trailing space

Signed-off-by: Pierre Tessier <[email protected]>

---------

Signed-off-by: Pierre Tessier <[email protected]>

* always run cleanup job (open-telemetry#1366)

* [loadgenerator] fix browser traffic enabled flag (open-telemetry#1359)

* fix browser traffic enabled flag

Signed-off-by: Pierre Tessier <[email protected]>

* fix browser traffic enabled flag

Signed-off-by: Pierre Tessier <[email protected]>

---------

Signed-off-by: Pierre Tessier <[email protected]>
Co-authored-by: Juliano Costa <[email protected]>

* Bump gradle/wrapper-validation-action from 1.1.0 to 2.0.1 (open-telemetry#1370)

Bumps [gradle/wrapper-validation-action](https://github.com/gradle/wrapper-validation-action) from 1.1.0 to 2.0.1.
- [Release notes](https://github.com/gradle/wrapper-validation-action/releases)
- [Commits](gradle/wrapper-validation-action@v1.1.0...v2.0.1)

---
updated-dependencies:
- dependency-name: gradle/wrapper-validation-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(go): update go 1.22 (open-telemetry#1367)

* Bump gradle/wrapper-validation-action from 2.0.1 to 2.1.0 (open-telemetry#1373)

Bumps [gradle/wrapper-validation-action](https://github.com/gradle/wrapper-validation-action) from 2.0.1 to 2.1.0.
- [Release notes](https://github.com/gradle/wrapper-validation-action/releases)
- [Commits](gradle/wrapper-validation-action@v2.0.1...v2.1.0)

---
updated-dependencies:
- dependency-name: gradle/wrapper-validation-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* [productcatalog] - allow products to be extended (open-telemetry#1363)

* allow products to be extended

Signed-off-by: Pierre Tessier <[email protected]>

* allow products to be extended

Signed-off-by: Pierre Tessier <[email protected]>

* fix products path

Signed-off-by: Pierre Tessier <[email protected]>

* fix merge conflict

Signed-off-by: Pierre Tessier <[email protected]>

---------

Signed-off-by: Pierre Tessier <[email protected]>
Co-authored-by: Juliano Costa <[email protected]>

* Bump gradle/wrapper-validation-action from 2.1.0 to 2.1.1 (open-telemetry#1376)

Bumps [gradle/wrapper-validation-action](https://github.com/gradle/wrapper-validation-action) from 2.1.0 to 2.1.1.
- [Release notes](https://github.com/gradle/wrapper-validation-action/releases)
- [Commits](gradle/wrapper-validation-action@v2.1.0...v2.1.1)

---
updated-dependencies:
- dependency-name: gradle/wrapper-validation-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* build(deps): upgrade go.opentelemetry.io/otel and go.opentelemetry.io/contrib to latest version (open-telemetry#1375)

Co-authored-by: Juliano Costa <[email protected]>

* [chore] fix trace tests (open-telemetry#1377)

* add tracetesting vars

Signed-off-by: Pierre Tessier <[email protected]>

* fix tests targets

Signed-off-by: Pierre Tessier <[email protected]>

* update for semconv

Signed-off-by: Pierre Tessier <[email protected]>

* update actions/checkout version

Signed-off-by: Pierre Tessier <[email protected]>

* update trace based tests

Signed-off-by: Pierre Tessier <[email protected]>

---------

Signed-off-by: Pierre Tessier <[email protected]>

* [cartservice] Bump .NET to 8.0.2 (open-telemetry#1380)

* [cartservice] bump dependencies

* [cartservice] Bump .NET to 8.0.2

* changelog

* Add Google Cloud fork to demos list (open-telemetry#1381)

* [currencyservice] Add OTLP logs (open-telemetry#1378)

* Add OTel logs to currencyservice

* line break

* changelog

* Move OPENTELEMETRY_CPP_VERSION back

* set opensearch version and timestamp field

Signed-off-by: Pierre Tessier <[email protected]>

* add comment for opensearch version update

Signed-off-by: Pierre Tessier <[email protected]>

* Change log to INFO

---------

Signed-off-by: Pierre Tessier <[email protected]>
Co-authored-by: Pierre Tessier <[email protected]>

* prep for release (open-telemetry#1379)

* replace featureflag service with flagd

* remove ff from gha

* update changelog

* fix sanity checker

* add python

* fix sanity

* refactor(checkoutservice): reuse grpc service client (open-telemetry#1387)

* chore: use semantic convention v1.24.0 (open-telemetry#1385)

* chore(accountingservice): use semantic convention v1.24.0

* chore(checkoutservice): use semantic convention v1.24.0

---------

Co-authored-by: Austin Parker <[email protected]>

* bump dependencies (open-telemetry#1390)

* Update trace test sem conv (open-telemetry#1394)

* update to 1.8.0 release (open-telemetry#1395)

Signed-off-by: Pierre Tessier <[email protected]>

* [chore] make: fix restart, add redeploy targets (open-telemetry#1397)

* fix restart, add redeploy

Signed-off-by: Pierre Tessier <[email protected]>

* fix restart, add redeploy

Signed-off-by: Pierre Tessier <[email protected]>

* use service or SERVICE

Signed-off-by: Pierre Tessier <[email protected]>

---------

Signed-off-by: Pierre Tessier <[email protected]>

* [chore] - memory for collector and jaeger (open-telemetry#1396)

* increase collector memory

Signed-off-by: Pierre Tessier <[email protected]>

* increase collector memory

Signed-off-by: Pierre Tessier <[email protected]>

* increase collector memory

Signed-off-by: Pierre Tessier <[email protected]>

* increase collector memory

Signed-off-by: Pierre Tessier <[email protected]>

---------

Signed-off-by: Pierre Tessier <[email protected]>
Co-authored-by: Austin Parker <[email protected]>

* [chore]: nightly build and publish (open-telemetry#1398)

* nightly build and publish

Signed-off-by: Pierre Tessier <[email protected]>

* add nightly releases

Signed-off-by: Pierre Tessier <[email protected]>

---------

Signed-off-by: Pierre Tessier <[email protected]>

* use nightly releases (open-telemetry#1399)

Signed-off-by: Pierre Tessier <[email protected]>
Co-authored-by: Austin Parker <[email protected]>

* [chore]: remove integration tests (open-telemetry#1406)

* yeet integration tests

Signed-off-by: Pierre Tessier <[email protected]>

* yeet integration tests

Signed-off-by: Pierre Tessier <[email protected]>

* yeet integration tests

Signed-off-by: Pierre Tessier <[email protected]>

---------

Signed-off-by: Pierre Tessier <[email protected]>
Co-authored-by: Austin Parker <[email protected]>

* add flagd provider to python

* chore(checkoutservice): add producer interceptor for tracing (open-telemetry#1400)

* chore(checkoutservice): add producer interceptor for tracing

* chore(checkoutservice): update changelog

---------

Co-authored-by: Pierre Tessier <[email protected]>

* Update src/adservice/build.gradle

Co-authored-by: Justin Abrahms <[email protected]>

* fix(accountingservice): fix graceful shutdown and log issues (open-telemetry#1401)

Co-authored-by: Pierre Tessier <[email protected]>

* cleanup ad service eval

* only run nightly for main repo (open-telemetry#1407)

Signed-off-by: Pierre Tessier <[email protected]>
Co-authored-by: Juliano Costa <[email protected]>

* fix(productcatalogservice): fix graceful shutdown issues (open-telemetry#1402)

* fix(productcatalogservice): fix graceful shutdown issues

* fix(productcatalogservice): update changelog

---------

Co-authored-by: Pierre Tessier <[email protected]>
Co-authored-by: Austin Parker <[email protected]>

* Test: Run integration tests on PR approval (open-telemetry#1414)

* spike for running integration tests

* add workflow call trigger

* fix lint

* lint

* fix

* don't reinstall docker

* [CartService] - Add Host Detector (open-telemetry#1415)

* Add Host Detector

* changelog

---------

Co-authored-by: Austin Parker <[email protected]>

* docs(readme): add Dash0 to the list of forks (open-telemetry#1416)

* [frontend] update sharp to latest to avoid docker build issue on M1 (open-telemetry#1417)

Building the frontend container image on an Apple M1 would result in
the following error during docker build:

    15.56 > Build error occurred
    15.56 [Error: ENOENT: no such file or directory, copyfile '/app/node_modules/sharp/build/Release/sharp-darwin-arm64v8.node' -> '/app/.next/standalone/node_modules/sharp/build/Release/sharp-darwin-arm64v8.node'] {
    15.56   errno: -2,
    15.56   code: 'ENOENT',
    15.56   syscall: 'copyfile',
    15.56   path: '/app/node_modules/sharp/build/Release/sharp-darwin-arm64v8.node',
    15.56   dest: '/app/.next/standalone/node_modules/sharp/build/Release/sharp-darwin-arm64v8.node'
    15.56 }

Updating sharp to v0.33.x avoids this problem, as that version includes
pre-built sharp binaries for various platforms, see
https://sharp.pixelplumbing.com/changelog#v0330---29th-november-2023

* [frontend] fix typo in ShippingGateway (open-telemetry#1418)

* fix kafka producer spans (open-telemetry#1428)

* chore: upgrade go.opentelemetry.io otel and contrib dependencies (open-telemetry#1408)

Co-authored-by: Pierre Tessier <[email protected]>

* fix adservice

* fixup gomod

* add otel hooks for .net flags

* add otel hooks for productcatalog

* Remove trailing space

* add stub for python otel hook

* refactor(checkoutservice): use exception.message key from semantic convention (open-telemetry#1430)

* remove unneeded key from flags

* removing integration tests

---------

Signed-off-by: Pierre Tessier <[email protected]>
Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: Pierre Tessier <[email protected]>
Co-authored-by: Juliano Costa <[email protected]>
Co-authored-by: Piotr Kiełkowicz <[email protected]>
Co-authored-by: Lam Tran <[email protected]>
Co-authored-by: Austin Parker <[email protected]>
Co-authored-by: Robert Lankford <[email protected]>
Co-authored-by: Cedric Ziel <[email protected]>
Co-authored-by: pankdev <[email protected]>
Co-authored-by: Louis Parkin <[email protected]>
Co-authored-by: Jordi Bisbal Ansaldo <[email protected]>
Co-authored-by: Mikko Viitanen <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Mike Dame <[email protected]>
Co-authored-by: Justin Abrahms <[email protected]>
Co-authored-by: Bastian Krol <[email protected]>
Co-authored-by: Bastian Krol <[email protected]>
Co-authored-by: Juliano Costa <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants