Sonarqube 8.0 Dev edition - Compute Engine fail starting up
Poil opened this issue · 5 comments
Hi,
Dunno how to have more log about this but, this plugin crash the Compute Engine at starting
2019.10.22 08:43:41 INFO ce[][o.s.p.ProcessEntryPoint] Starting ce
2019.10.22 08:43:41 INFO ce[][o.s.ce.app.CeServer] Compute Engine starting up...
2019.10.22 08:43:42 INFO ce[][o.s.c.e.CoreExtensionsLoader] Loaded core extensions: developer-edition, developer-scanner, developer-server, license
2019.10.22 08:43:42 INFO ce[][o.e.p.PluginsService] no modules loaded
2019.10.22 08:43:42 INFO ce[][o.e.p.PluginsService] loaded plugin [org.elasticsearch.join.ParentJoinPlugin]
2019.10.22 08:43:42 INFO ce[][o.e.p.PluginsService] loaded plugin [org.elasticsearch.percolator.PercolatorPlugin]
2019.10.22 08:43:42 INFO ce[][o.e.p.PluginsService] loaded plugin [org.elasticsearch.transport.Netty4Plugin]
2019.10.22 08:43:43 INFO ce[][o.s.s.e.EsClientProvider] Connected to local Elasticsearch: [127.0.0.1:9001]
2019.10.22 08:43:43 INFO ce[][o.sonar.db.Database] Create JDBC data source for jdbc:postgresql://localhost/sonar
2019.10.22 08:43:45 INFO ce[][o.s.s.p.ServerFileSystemImpl] SonarQube home: /opt/sonarqube-8.0
2019.10.22 08:43:45 INFO ce[][o.s.c.c.CePluginRepository] Load plugins
2019.10.22 08:43:46 ERROR ce[][o.s.ce.app.CeServer] Compute Engine startup failed
java.lang.IllegalStateException: Fail to load plugin ShellCheck Analyzer [shellcheck]
at org.sonar.server.plugins.ServerExtensionInstaller.installExtensions(ServerExtensionInstaller.java:88)
at org.sonar.ce.container.ComputeEngineContainerImpl.startLevel4(ComputeEngineContainerImpl.java:230)
at org.sonar.ce.container.ComputeEngineContainerImpl.start(ComputeEngineContainerImpl.java:196)
at org.sonar.ce.ComputeEngineImpl.startup(ComputeEngineImpl.java:45)
at org.sonar.ce.app.CeServer$CeMainThread.attemptStartup(CeServer.java:163)
at org.sonar.ce.app.CeServer$CeMainThread.run(CeServer.java:141)
Caused by: java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "getenv.*")
at java.base/java.security.AccessControlContext.checkPermission(AccessControlContext.java:472)
at java.base/java.security.AccessController.checkPermission(AccessController.java:897)
at java.base/java.lang.SecurityManager.checkPermission(SecurityManager.java:322)
at java.base/java.lang.System.getenv(System.java:1042)
at com.github.sbaudoin.sonar.plugins.shellcheck.ShellCheckPlugin.define(ShellCheckPlugin.java:31)
at org.sonar.server.plugins.ServerExtensionInstaller.installExtensions(ServerExtensionInstaller.java:78)
... 5 common frames omitted
2019.10.22 08:43:46 INFO ce[][o.s.p.ProcessEntryPoint] Hard stopping process
Best regards
There is this doc, but I don't have a valid account to consult the solution https://support.oracle.com/knowledge/Middleware/1025856_1.html
Hello,
Thanks for reporting the issue. I have not tested SQ 8 yet. And I cannot access the support note either.
Can you detail your SQ runtime environment (especially the JDK version and configuration), please? I did some short unit tests with Java 8 and 11 and the line of code in question works fine. There seems to be a configuration issue in the policy file of your JDK.
Hi,
Here is my current JDK, note that it was working with Sonar 7.x with it.
# java -version
openjdk version "11.0.4" 2019-07-16 LTS
OpenJDK Runtime Environment 18.9 (build 11.0.4+11-LTS)
OpenJDK 64-Bit Server VM 18.9 (build 11.0.4+11-LTS, mixed mode, sharing)
I have no configuration in security and security.d
I am having the same issue and found the following comment:
mc1arke/sonarqube-community-branch-plugin#38 (comment)
SonarSource have made changes to specifically block the mechanism this plugin used to access the relevant Core classes at runtime by implementing a Security Manager. Alongside this they've made internal API changes that prevent the plugin compiling against SonarQube 8. I'll need to take a look at what options we have for overcoming this.
Edit: I did not see your reply, which points to the cause of the problem.
I'm going to ask to the SQ team how a plugin can get access to the system environment variables in a plugin in SQ 8.