Sonarqube blacklist not possible

Question

Sonarqube blacklist not possible

735trv opened this issue 2 years ago · 3 comments

Hi @liske,
I've a Debian server on which Sonarqube (Community EditionVersion 9.4 build 54424) is installed. When running needrestart, it always reports that the sonarqube service needs a restart. Unfortunately adding it to the blacklist didn't work. Would be nice if you could check this. Thanks! 🙂

systemctl edit --full sonarqube

[Unit]
Description=SonarQube Server service
After=syslog.target network.target

[Service]
Type=forking
ExecStart=/opt/sonarqube/bin/linux-x86-64/sonar.sh start
ExecStop=/opt/sonarqube/bin/linux-x86-64/sonar.sh stop

User=sonar
Group=sonar
Restart=always
LimitNOFILE=131072
LimitNPROC=8192
TimeoutStartSec=5

[Install]
WantedBy=multi-user.target

cat /etc/needrestart/conf.d/blacklist_mappings.conf

push @{ $nrconf{blacklist_mappings} }, qr(^/opt/sonarqube/);

Answer 1 · 2022-12-02T02:51:10.000Z

If you run needrestart -b -vvvv what do you end up seeing as the applicable program path? Your unit has a shell script wrapper, so what you might think to match may not be what you actually need to match. Why? Because blacklist_mappings actually reads /proc/PID/maps. If those wrapper scripts use exec to replace the existing process space when the daemon launches, the actual process path in /proc/PID/maps won't talk about the script, but potentially some other binary.

Answer 2 · 2022-12-13T18:15:11.000Z

@koitsu Thanks for your explanation. Understand now how this works in the background 👍

This is the output

[main] eval /etc/needrestart/needrestart.conf
[main] eval /etc/needrestart/conf.d/blacklist_mappings.conf
[main] needrestart v3.5
[main] running in root mode
[main] systemd detected
[main] vm detected
NEEDRESTART-VER: 3.5
[Core] #602 is a NeedRestart::Interp::Python
[Python] #602: source=/usr/share/unattended-upgrades/unattended-upgrade-shutdown
[main] #1085 uses obsolete binary /usr/bin/xfsettingsd
[main] #1085 is a child of #893
[Core] #1144 is a NeedRestart::Interp::Perl
[Perl] #1144: source=/opt/asbru/asbru-cm
[Core] #1168 is a NeedRestart::Interp::Python
[Python] #1168: source=/usr/share/system-config-printer/applet.py
[Core] #80004 is a NeedRestart::Interp::Java
[Core] #80032 is a NeedRestart::Interp::Java
[Core] #80156 is a NeedRestart::Interp::Java
[Core] #80156 uses obsolete script file(s):
[Core] #80156  /opt/sonarqube/data/web/deploy/plugins/l10nde/sonar-l10n-de-plugin-1.2.jar
[Core] #80156  /opt/sonarqube/data/web/deploy/plugins/config/sonar-config-plugin-1.2.0.267.jar
[Core] #80156  /opt/sonarqube/data/web/deploy/plugins/go/sonar-go-plugin-1.9.0.3429.jar
[Core] #80156  /opt/sonarqube/data/web/deploy/plugins/iac/sonar-iac-plugin-1.7.0.2012.jar
[Core] #80156  /opt/sonarqube/data/web/deploy/plugins/sonarscala/sonar-scala-plugin-1.9.0.3429.jar
[Core] #80156  /opt/sonarqube/data/web/deploy/plugins/csharp/sonar-csharp-plugin-8.36.1.44192.jar
[Core] #80156  /opt/sonarqube/data/web/deploy/plugins/text/sonar-text-plugin-1.0.0.120.jar
[Core] #80156  /opt/sonarqube/data/web/deploy/plugins/php/sonar-php-plugin-3.23.1.8766.jar
[Core] #80156  /opt/sonarqube/data/web/deploy/plugins/ruby/sonar-ruby-plugin-1.9.0.3429.jar
[Core] #80156  /opt/sonarqube/data/web/deploy/plugins/java/sonar-java-plugin-7.11.0.29148.jar
[Core] #80156  /opt/sonarqube/data/web/deploy/plugins/python/sonar-python-plugin-3.12.0.9583.jar
[Core] #80156  /opt/sonarqube/data/web/deploy/plugins/javascript/sonar-javascript-plugin-9.1.0.17747.jar
[Core] #80156  /opt/sonarqube/data/web/deploy/plugins/kotlin/sonar-kotlin-plugin-2.9.0.1147.jar
[Core] #80156  /opt/sonarqube/data/web/deploy/plugins/xml/sonar-xml-plugin-2.5.0.3376.jar
[Core] #80156  /opt/sonarqube/data/web/deploy/plugins/vbnet/sonar-vbnet-plugin-8.36.1.44192.jar
[Core] #80156  /opt/sonarqube/data/web/deploy/plugins/flex/sonar-flex-plugin-2.7.0.2865.jar
[Core] #80156  /opt/sonarqube/data/web/deploy/plugins/jacoco/sonar-jacoco-plugin-1.1.1.1157.jar
[Core] #80156  /opt/sonarqube/data/web/deploy/plugins/web/sonar-html-plugin-3.6.0.3106.jar
[main] #80156 is a child of #80004
[Core] #80207 is a NeedRestart::Interp::Java
[Core] #80207 uses obsolete script file(s):
[Core] #80207  /opt/sonarqube/temp/ce-exploded-plugins/javascript/sonar-javascript-plugin-9.1.0.17747.jar
[Core] #80207  /opt/sonarqube/temp/ce-exploded-plugins/xml/sonar-xml-plugin-2.5.0.3376.jar
[Core] #80207  /opt/sonarqube/temp/ce-exploded-plugins/flex/sonar-flex-plugin-2.7.0.2865.jar
[Core] #80207  /opt/sonarqube/temp/ce-exploded-plugins/java/sonar-java-plugin-7.11.0.29148.jar
[Core] #80207  /opt/sonarqube/temp/ce-exploded-plugins/php/sonar-php-plugin-3.23.1.8766.jar
[Core] #80207  /opt/sonarqube/temp/ce-exploded-plugins/go/sonar-go-plugin-1.9.0.3429.jar
[Core] #80207  /opt/sonarqube/temp/ce-exploded-plugins/ruby/sonar-ruby-plugin-1.9.0.3429.jar
[Core] #80207  /opt/sonarqube/temp/ce-exploded-plugins/l10nde/sonar-l10n-de-plugin-1.2.jar
[Core] #80207  /opt/sonarqube/temp/ce-exploded-plugins/jacoco/sonar-jacoco-plugin-1.1.1.1157.jar
[Core] #80207  /opt/sonarqube/temp/ce-exploded-plugins/sonarscala/sonar-scala-plugin-1.9.0.3429.jar
[Core] #80207  /opt/sonarqube/temp/ce-exploded-plugins/text/sonar-text-plugin-1.0.0.120.jar
[Core] #80207  /opt/sonarqube/temp/ce-exploded-plugins/python/sonar-python-plugin-3.12.0.9583.jar
[Core] #80207  /opt/sonarqube/temp/ce-exploded-plugins/vbnet/sonar-vbnet-plugin-8.36.1.44192.jar
[Core] #80207  /opt/sonarqube/temp/ce-exploded-plugins/web/sonar-html-plugin-3.6.0.3106.jar
[Core] #80207  /opt/sonarqube/temp/ce-exploded-plugins/config/sonar-config-plugin-1.2.0.267.jar
[Core] #80207  /opt/sonarqube/temp/ce-exploded-plugins/iac/sonar-iac-plugin-1.7.0.2012.jar
[Core] #80207  /opt/sonarqube/temp/ce-exploded-plugins/csharp/sonar-csharp-plugin-8.36.1.44192.jar
[Core] #80207  /opt/sonarqube/temp/ce-exploded-plugins/kotlin/sonar-kotlin-plugin-2.9.0.1147.jar
[main] #80207 is a child of #80004
[Core] #98246 is a NeedRestart::Interp::Perl
[Perl] #98246: source=/opt/asbru/lib/asbru_conn
[Core] #167836 is a NeedRestart::Interp::Perl
[Perl] #167836: source=/opt/asbru/lib/asbru_conn
[Perl] #167836: use cached file list
[Core] #167871 is a NeedRestart::Interp::Perl
[Perl] #167871: source=/opt/asbru/lib/asbru_conn
[Perl] #167871: use cached file list
[main] #893 exe => /usr/bin/xfce4-session
[main] #893 part of user session: uid=1000 sess=1
[main] #80004 exe => /usr/lib/jvm/java-11-openjdk-amd64/bin/java
[Core] #80004 is a NeedRestart::Interp::Java
[Core] #80004 source is UNKNOWN
[main] #80004 is sonarqube.service
[main] inside container or vm, skipping microcode checks
[Kernel] Linux: kernel release 5.10.0-19-amd64, kernel version #1 SMP Debian 5.10.149-2 (2022-10-21)
[Kernel/Linux] /boot/vmlinuz-5.10.0-19-amd64 => 5.10.0-19-amd64 (debian-kernel@lists.debian.org) #1 SMP Debian 5.10.149-2 (2022-10-21) [5.10.0-19-amd64]*
[Kernel/Linux] /boot/vmlinuz-5.10.0-18-amd64 => 5.10.0-18-amd64 (debian-kernel@lists.debian.org) #1 SMP Debian 5.10.140-1 (2022-09-02) [5.10.0-18-amd64]
[Kernel/Linux] Expected linux version: 5.10.0-19-amd64
NEEDRESTART-KCUR: 5.10.0-19-amd64
NEEDRESTART-KEXP: 5.10.0-19-amd64
NEEDRESTART-KSTA: 1
NEEDRESTART-SVC: sonarqube.service

And yes, it is a wrapper script, for a Java application (Source)