[
https://issues.apache.org/jira/browse/BEAM-11227?focusedWorklogId=574524&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-574524
]
ASF GitHub Bot logged work on BEAM-11227:
-----------------------------------------
Author: ASF GitHub Bot
Created on: 31/Mar/21 02:35
Start Date: 31/Mar/21 02:35
Worklog Time Spent: 10m
Work Description: suztomo edited a comment on pull request #14295:
URL: https://github.com/apache/beam/pull/14295#issuecomment-810577032
Comparison of the time.
Bad one:
https://ci-beam.apache.org/job/beam_PreCommit_Java_Commit/16814/consoleFull
Good one (with empty change):
https://ci-beam.apache.org/job/beam_PreCommit_Java_Phrase/3287/consoleFull
Good one with this PR:
https://ci-beam.apache.org/job/beam_PreCommit_Java_Phrase/3255/
Differences?
# "FROM-CACHE"
Good one with empty change has 718 "FROM-CACHE" marked Gradle tasks, while
bad one has only 19.
(Good one with this PR had 57 "FROM-CACHE" marked tasks.)
If the difference comes from the Gradle's build cache's status, running
"Java Precommit" will warm up the build cache on the Jenkins nodes eventually.
## What about disabling Gradle's build-cache?
> task output caching allows Gradle to reuse task outputs from any earlier
build in any location on the local machine.
In another experimental PR, I disabled the bulid-cache to see the same
problem (strange timeout) happens or not:
https://ci-beam.apache.org/job/beam_PreCommit_Java_Commit/16826/
# What's printed before the timeout?
It seems that something gets stuck during the build when the build times out.
https://ci-beam.apache.org/job/beam_PreCommit_Java_Phrase/3260/console has
```
12:14:16 GitHub pull request #14295 of commit
7746a03db04a81fcc01a71a39d280fbbba8011de, no merge conflicts.
...
12:48:55 > Task :sdks:java:container:goBuild
12:48:55 > Task :sdks:java:container:java8:copySdkHarnessLauncher
12:48:55 > Task :sdks:java:container:java8:dockerPrepare
12:48:56 > Task :sdks:java:container:java8:docker
12:49:22 > Task :sdks:java:core:validateShadedJarDoesntLeakNonProjectClasses
12:49:23 > Task :sdks:java:core:check
12:49:23 > Task :sdks:java:core:build
12:49:23 > Task :sdks:java:core:buildNeeded
12:49:23 Build timed out (after 120 minutes). Marking the build as aborted.
14:14:36 Build was aborted
```
Something was stuck for
```
19:19:05 GitHub pull request #14295 of commit
adb900f5e59bd2d73dcab01fdafba31335a74958, no merge conflicts.
...
19:55:45 > Task :sdks:java:core:build
19:55:45 > Task :sdks:java:core:buildNeeded
19:55:45 > Task :sdks:go:buildLinuxAmd64
19:55:53 > Task :sdks:go:goBuild
19:55:53
19:55:57 > Task :sdks:java:container:resolveBuildDependencies
19:55:57 Resolving
./github.com/apache/beam/sdks/go@/home/jenkins/jenkins-slave/workspace/beam_PreCommit_Java_Phrase/src/sdks/go
19:55:57
19:55:58 > Task :sdks:java:container:installDependencies
19:55:58 > Task :sdks:java:container:buildLinuxAmd64
19:56:06 > Task :sdks:java:container:goBuild
19:56:06 > Task :sdks:java:container:java8:copySdkHarnessLauncher
19:56:07 > Task :sdks:java:container:java8:dockerPrepare
19:56:08 > Task :sdks:java:container:java8:docker
19:56:35 Build timed out (after 120 minutes). Marking the build as aborted.
21:19:28 Build was aborted
```
(Timestamp on "Build timed out (after 120 minutes)" seems misleading but the
timeout did happen 2 hours after the build started.)
What was going on before the timeout?
# Docker?
The bad one
https://ci-beam.apache.org/job/beam_PreCommit_Java_Phrase/3289/consoleFull has
docker output just before it gets stuck.
```
22:12:26 > Task :sdks:java:container:java8:docker
22:12:26 ---> Running in bf17e70d60ed
22:12:26 Removing intermediate container bf17e70d60ed
22:12:26 ---> 506ba5b90030
22:12:26 Step 4/17 : ARG pull_licenses
22:12:26 ---> Running in 3346bdbd8ce5
22:12:27 Removing intermediate container 3346bdbd8ce5
22:12:27 ---> f34c50dfefd4
22:12:27 Step 5/17 : ADD target/slf4j-api.jar /opt/apache/beam/jars/
22:12:27 ---> d3efd2da9051
22:12:27 Step 6/17 : ADD target/slf4j-jdk14.jar /opt/apache/beam/jars/
22:12:27 ---> 1bade0036889
22:12:27 Step 7/17 : ADD target/beam-sdks-java-harness.jar
/opt/apache/beam/jars/
22:12:29 ---> b84b26312cab
22:12:29 Step 8/17 : ADD target/beam-sdks-java-io-kafka.jar
/opt/apache/beam/jars/
22:12:30 ---> d182126d9002
22:12:30 Step 9/17 : ADD target/kafka-clients.jar /opt/apache/beam/jars/
22:12:30 ---> 68069b317bb2
22:12:30 Step 10/17 : ADD target/linux_amd64/boot /opt/apache/beam/
22:12:31 ---> 139d269a0dd2
22:12:31 Step 11/17 : COPY target/LICENSE /opt/apache/beam/
22:12:31 ---> 3bd533e8a6aa
22:12:31 Step 12/17 : COPY target/NOTICE /opt/apache/beam/
22:12:31 ---> d02f526014e5
22:12:31 Step 13/17 : ADD target/third_party_licenses
/opt/apache/beam/third_party_licenses/
22:12:32 ---> 563dc08704b3
22:12:32 Step 14/17 : COPY target/LICENSE target/go-licenses/*
/opt/apache/beam/third_party_licenses/golang/
22:12:33 ---> 7bb23be74d14
22:12:33 Step 15/17 : RUN rm
/opt/apache/beam/third_party_licenses/golang/LICENSE
22:12:33 ---> Running in a5da935e716f
22:12:35 Removing intermediate container a5da935e716f
22:12:35 ---> 7710f7de9243
22:12:35 Step 16/17 : RUN if [ "${pull_licenses}" = "false" ] ; then rm
-rf /opt/apache/beam/third_party_licenses ; fi
22:12:35 ---> Running in e74b71f9b4c5
22:12:35
22:12:35 > Task :sdks:java:core:validateShadedJarDoesntLeakNonProjectClasses
22:12:35 > Task :sdks:java:core:check
22:12:35 > Task :sdks:java:core:build
22:12:35 > Task :sdks:java:core:buildNeeded
22:12:37
22:12:37 > Task :sdks:java:container:java8:docker
22:12:37 Removing intermediate container e74b71f9b4c5
22:12:37 ---> 7bba4948c7ee
22:12:37 Step 17/17 : ENTRYPOINT ["/opt/apache/beam/boot"]
22:12:37 ---> Running in 46bdf5c86c0f
22:12:37 Removing intermediate container 46bdf5c86c0f
22:12:37 ---> 803c5be658cd
22:12:37 Successfully built 803c5be658cd
22:12:37 Successfully tagged apache/beam_java8_sdk:2.30.0.dev
```
The good ones do not have docker output above:
- https://ci-beam.apache.org/job/beam_PreCommit_Java_Phrase/3287/console
(empty change PR)
- https://ci-beam.apache.org/job/beam_PreCommit_Java_Phrase/3255/console
(from this PR)
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
Issue Time Tracking
-------------------
Worklog Id: (was: 574524)
Time Spent: 85h 50m (was: 85h 40m)
> Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216
> ---------------------------------------------------------
>
> Key: BEAM-11227
> URL: https://issues.apache.org/jira/browse/BEAM-11227
> Project: Beam
> Issue Type: Bug
> Components: build-system
> Affects Versions: 2.21.0, 2.22.0, 2.23.0, 2.24.0, 2.25.0
> Reporter: Boury Mbodj
> Assignee: Kenneth Knowles
> Priority: P1
> Labels: apache-beam, beam
> Fix For: 2.29.0
>
> Time Spent: 85h 50m
> Remaining Estimate: 0h
>
> *+Description+**:* [Apache Beam :: Vendored Dependencies :: GRPC ::
> 1.26.0|https://mvnrepository.com/artifact/org.apache.beam/beam-vendor-grpc-1_26_0]
> »
> [0.3|https://mvnrepository.com/artifact/org.apache.beam/beam-vendor-grpc-1_26_0/0.3]
> uses the dependency Eclipse Jetty (9.2.10.v20150310), which is prone to a
> privilege escalation vulnerability. This issue (CVE-2020-27216) was published
> on 23/10/2020.
> *+Affected Versions:+*
> Eclipse Jetty versions 9.4.32.v20200930 and prior, 10.0.0.beta2 and prior
> and 11.0.0.beta2 and prior.
> *+Recommendation/+* *+Update Suggestion:+*
> Update the Eclipse Jetty dependency to version 9.4.33.v20201020,
> 10.0.0.beta3, 11.0.0.beta3 or later.
>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
