Sonarqube docker container is getting restarted

irshadan · August 10, 2021, 7:39am

I am trying to create a docker container for sonarqube with image “sonarqube:9-community”
(I am able to create the same with image “sonarqube:8-community”)
Below are docker version details-
Client:
Version: 18.09.1-rc1
API version: 1.39
Go version: go1.10.4
Git commit: f7e1ce1
Built: Fri Dec 7 00:27:21 2018
OS/Arch: linux/amd64
Experimental: false

Server: Docker Engine - Enterprise
Engine:
Version: 18.09.2
API version: 1.39 (minimum version 1.12)
Go version: go1.10.6
Git commit: 1ac774d
Built: Sun Feb 10 03:43:47 2019
OS/Arch: linux/amd64
Experimental: false

$docker run --rm -it --name “test-sonarqube-unique” --entrypoint /bin/bash server1.net:8083/sonarqube:9-community
bash-5.1# ls -ltr /opt/java/openjdk/bin/
jaotc java jfr jjs jrunscript keytool pack200 rmid rmiregistry unpack200
bash-5.1# ls -ltr /opt/java/openjdk/bin/java
-rwxr-xr-x 1 root root 12768 Apr 20 21:21 /opt/java/openjdk/bin/java
bash-5.1#

getting below error in container logs

2021.08.10 07:12:23 INFO app[o.s.a.SchedulerImpl] Waiting for Elasticsearch to be up and running
2021.08.10 07:12:23 WARN app[o.s.a.p.AbstractManagedProcess] Process exited with exit value [es]: 1
2021.08.10 07:12:23 INFO app[o.s.a.SchedulerImpl] Process[es] is stopped
2021.08.10 07:12:23 INFO app[o.s.a.SchedulerImpl] SonarQube is stopped
2021.08.10 07:12:31 INFO app[o.s.a.AppFileSystem] Cleaning or creating temp directory /opt/sonarqube/temp
2021.08.10 07:12:31 INFO app[o.s.a.es.EsSettings] Elasticsearch listening on [HTTP: 127.0.0.1:9001, TCP: 127.0.0.1:35143]
2021.08.10 07:12:31 INFO app[o.s.a.ProcessLauncherImpl] Launch process[[key=‘es’, ipcIndex=1, logFilenamePrefix=es]] from [/opt/sonarqube/elasticsearch]: /opt/sonarqube/elasticsearch/bin/elasticsearch
could not find java in ES_JAVA_HOME at /opt/java/openjdk/bin/java

Tobias_Trabelsi · August 10, 2021, 7:56am

Hi @irshadan

you are probably hit by SONAR-15167. we updated our base image to from alpine 3.12 to alpine 3.14 where they did a change to musllibc that enables the faccessat2 syscall. this one is not known to old docker installations <20.10.0.
you can update your container runtime (docker) or start sonarqube with a custom seccomp profile.

for the seccomp profile you can basically use the one from upstream here and change line 2 from SCMP_ACT_ERRNO to SCMP_ACT_TRACE. then start your container with like this:

docker run --rm -it --name "test-sonarqube-unique" --security-opt seccomp=/path/to/seccomp/profile.json server1.net:8083/sonarqube:9-community

hope that helps

Antonio_Petricca · October 4, 2021, 1:34pm

Hi, how can accomplish the same by docker-compose?

Tobias_Trabelsi · October 4, 2021, 2:15pm

Hello @Antonio_Petricca and welcome to the community

i guess you mean the security_opts right? you can have a look at the compose spec for that. maybe this example will help:

version: "3"

services:
  sonarqube:
    image: sonarqube:9.1-community
    depends_on:
      - db
    environment:
      SONAR_JDBC_URL: jdbc:postgresql://db:5432/sonar
      SONAR_JDBC_USERNAME: sonar
      SONAR_JDBC_PASSWORD: sonar
    security_opt:
      - "seccomp=/path/to/seccomp/profile.json"
    volumes:
      - sonarqube_data:/opt/sonarqube/data
      - sonarqube_logs:/opt/sonarqube/logs
    ports:
      - "9000:9000"
  db:
    image: postgres:12
    environment:
      POSTGRES_USER: sonar
      POSTGRES_PASSWORD: sonar
    volumes:
      - postgresql:/var/lib/postgresql
      - postgresql_data:/var/lib/postgresql/data

volumes:
  sonarqube_data:
  sonarqube_logs:
  postgresql:
  postgresql_data:

Jaff · January 20, 2022, 6:14pm

That fixed my problem, thanks

Jai_Mohan · March 2, 2022, 7:37am

Fixed my issue as well. Thank you for detailing this out.