WebLogic on AKS Deployment fails when SSL/TLS (using upload keystore) is enabled due to JDK Segmentation fault error

[gnsuryan]

WebLogic on AKS Deployment fails when SSL/TLS is enabled due to JDK Segmentation fault error

Steps to reproduce:

• Deploy WebLogic on AKS with SSL/TLS enabled using the upload keystore option
• The WLS on AKS deployment fails in the validate-parameter-and-fail-fast sub deployment
• The error message in the deployment container logs show that the error is occuring when keytool command is executed to validate the keystore.
• The error message is
  userscript.sh: line 85: 269 Segmentation fault java -version Errors happen during: validate Identity Keystore..

[gnsuryan]

Complete container Log:

Adding certificates not required Registering and setting the cloud Cloud is already registered Registering and setting the cloud completed Check compute resources: passed! Installing docker 0 Usage: docker [OPTIONS] COMMAND A self-sufficient runtime for containers Options: --config string Location of client config files (default "/root/.docker") -c, --context string Name of the context to use to connect to the daemon (overrides DOCKER_HOST env var and default context set with "docker context use") -D, --debug Enable debug mode -H, --host list Daemon socket(s) to connect to -l, --log-level string Set the logging level ("debug"|"info"|"warn"|"error"|"fatal") (default "info") --tls Use TLS; implied by --tlsverify --tlscacert string Trust certs signed only by this CA (default "/root/.docker/ca.pem") --tlscert string Path to TLS certificate file (default "/root/.docker/cert.pem") --tlskey string Path to TLS key file (default "/root/.docker/key.pem") --tlsverify Use TLS and verify the remote -v, --version Print version information and quit Management Commands: builder Manage builds config Manage Docker configs container Manage containers context Manage contexts image Manage images manifest Manage Docker image manifests and manifest lists network Manage networks node Manage Swarm nodes plugin Manage plugins secret Manage Docker secrets service Manage services stack Manage Docker stacks swarm Manage Swarm system Manage Docker trust Manage trust on Docker images volume Manage volumes Commands: attach Attach local standard input, output, and error streams to a running container build Build an image from a Dockerfile commit Create a new image from a container's changes cp Copy files/folders between a container and the local filesystem create Create a new container diff Inspect changes to files or directories on a container's filesystem events Get real time events from the server exec Run a command in a running container export Export a container's filesystem as a tar archive history Show the history of an image images List images import Import the contents from a tarball to create a filesystem image info Display system-wide information inspect Return low-level information on Docker objects kill Kill one or more running containers load Load an image from a tar archive or STDIN login Log in to a Docker registry logout Log out from a Docker registry logs Fetch the logs of a container pause Pause all processes within one or more containers port List port mappings or a specific mapping for the container ps List containers pull Pull an image or a repository from a registry push Push an image or a repository to a registry rename Rename a container restart Restart one or more containers rm Remove one or more containers rmi Remove one or more images run Run a command in a new container save Save one or more images to a tar archive (streamed to STDOUT by default) search Search the Docker Hub for images start Start one or more stopped containers stats Display a live stream of container(s) resource usage statistics stop Stop one or more running containers tag Create a tag TARGET_IMAGE that refers to SOURCE_IMAGE top Display the running processes of a container unpause Unpause all processes within one or more containers update Update configuration of one or more containers version Show the Docker version information wait Block until one or more containers stop, then print their exit codes Run 'docker COMMAND --help' for more information on a command. �[1mTo get more help with docker, check out our guides at https://docs.docker.com/go/guides/�[0m Removing login credentials for https://index.docker.io/v1/ Login Succeeded login OCR with user gurudutt.suryanarayana@oracle.com Check OCR account: passed! image path: container-registry.oracle.com/middleware/weblogic:14.1.1.0-11 Check OCR image container-registry.oracle.com/middleware/weblogic:14.1.1.0-11: passed! check if admin user enabled in ACR wlsaksacrvpctcwaleem2m query 'adminUserEnabled' property of ACR wlsaksacrvpctcwaleem2m Installing openjdk11 0 java version WARNING! Your password will be stored unencrypted in /root/.docker/config.json. Configure a credential helper to remove this warning. See https://docs.docker.com/engine/reference/commandline/login/#credentials-store WARNING: This operation will delete the manifest 'sha256:5acc7d87ae24e4a925dec014aa8a2a24af05008a6dee778775f58059bb4bed8f' and all the following images: 'tmp1686140287:14.1.1.0-11' userscript.sh: line 85: 269 Segmentation fault java -version Errors happen during: validate Identity Keystore..

[gnsuryan]

The "Segmentation fault" error which occurs when executing java -version command inside the AKS container has been resolved.

The solution was to upgrade the installed packages in the Alpine Linux OS available inside the AKS container.
To upgrade the installed packages, we need to use the apk upgrade command, before installing open JDK11 required for validating SSL keystores.

 # Install Microsoft OpenJDK
        apk upgrade
        apk add openjdk11 \
            --no-cache \
            -q --repository=http://dl-cdn.alpinelinux.org/alpine/edge/community

[gnsuryan]

This fix has submitted in the local git repo, using commit # 8183aea

The fix will be merged into the oracle/weblogic-azure git repo once all the WLS-on-AKS upgrade testing is completed.