OpenJDK - Fix inconsistencies #143
Open
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
As seen in Debian 10:
```shell
TASK [ansible-scylla-node : Install Java] *************************************************************************************************************************************************************************
fatal: [181.10.10.125]: FAILED! => {"changed": false, "msg": "No package matching 'openjdk-8-jre-headless' is available"}
```
As of https://lists.debian.org/debian-java/2019/04/msg00036.html
For consistency, we also bump Ubuntu JDK to version 11 and we keep the alternatives check to ensure a newer (and perhaps unsupported) OpenJDK release sneaks in. The problem with moving to OpenJDK 11, however, is that it makes us vulnerable to scylladb/scylladb#10442, this will be addressed in a later PR.
As of JDK 8u331 / JDK 11.0.15+8 : The parsing of URLs in the LDAP, DNS, and RMI built-in JNDI providers has been made more strict, which effectively breaks nodetool in scylla-tools releases prior to when CASSANDRA-17581 was fixed. Users running an earlier release of Scylla will fail on nodetool with the following message: ```shell nodetool: Failed to connect to '127.0.0.1:7199' - URISyntaxException: 'Malformed IPv6 address at index 7: rmi://[127.0.0.1]:7199'. ``` This affects all distributions using a recent OpenJDK release: Debian & Ubuntu (OpenJDK 11) and Centos 7 (OpenJDK 8) have been tested and are all affected. The known workarounds to this are: - Append the `-Dcom.sun.jndi.rmiURLParsing="legacy"` option to nodetool command line - Call nodetool with `-h ::FFFF:127.0.0.1` on the command line - Revert to an older OpenJDK release known not to be affected by this change. We decided to go with the former, as the 2nd option seemed a burden to require the user to type everytime, and the latter is not a good security practice in general. This commit will therefore append JAVA_TOOL_OPTIONS="-Dcom.sun.jndi.rmiURLParsing=legacy" to the host OS /etc/environment file, which allows any user to run nodetool commands when a recent OpenJDK release is installed AND when running an older scylla-tools version. As this corrects a "transitory" situation, it is placed as a separate commit so that it can easily be reverted later, should it be needed, when all supported Scylla releases are known to have the fix implemented.
|
@fee-mendes I think this patch looks good re update to openjdk 11 however the commit/patch for nodetool and tainting environment with java opts should be split from this PR and likely I don't want to merge it (it's fixed in latest Scylla anyways, no need to pollute the repo with temporary stuff that is not even relevant now) |
If it isn't then we have a real problem in our release process. 1.8 is EOL for a long time now, most distributions support it on a best-effort basis, and Debian - as always progressist - already removed it. :-) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This series addresses two OpenJDK related inconsistencies across Ubuntu/Debian/CentOS:
As Debian 10 onward no longer ship with OpenJDK 8, we bump its version to OpenJDK 11. Similarly, we also let Ubuntu make use of that as it no longer ships updates to OpenJDK 8 (therefore, it should be eventually be removed in future releases). CentOS - on the other hand - still ships updates to OpenJDK 8 (via EPEL) and we let the default installer pick its latest release as usual.
However, installing a recent OpenJDK version in either distribution unveils scylladb/scylladb#10442, which needs to be treated accordingly. This is handled in the second commit in this series.
Fixes #142