I'm trying to connect to CosmosDB through my SpringBoot app. I have all of this working if I run the app with Spring or via Intellij. But, when I run the app in Docker I get the following error message:
com.azure.data.cosmos.CosmosClientException: The authorization token is not valid at the current time.
Please create another token and retry
(token start time: Thu, 26 Mar 2020 04:32:10 GMT,
token expiry time: Thu, 26 Mar 2020 04:47:10 GMT, current server time: Tue, 31 Mar 2020 20:12:42 GMT).
Note that in the above error message the current server time is correct but the other times are 5 days behind.
What I find interesting is that I only ever receive this in the docker container.
FROM {copy of zulu-jdk11}
ARG JAR_FILE
#.crt file in the same folder as your Dockerfile
ARG CERT="cosmos.cer"
ARG ALIAS="cosmos2"
#import cert into java
COPY $CERT /
RUN chmod +x /$CERT
WORKDIR $JAVA_HOME/lib/security
RUN keytool -importcert -file /$CERT -alias $ALIAS -cacerts -storepass changeit -noprompt
WORKDIR /
COPY /target/${JAR_FILE} app.jar
COPY run-java.sh /
RUN chmod +x /run-java.sh
ENV JAVA_OPTIONS "-Duser.timezone=UTC"
ENV JAVA_APP_JAR "/app.jar"
# run as non-root to mitigate some security risks
RUN addgroup -S pcc && adduser -S nonroot -G nonroot
USER nonroot:nonroot
ENTRYPOINT ["/run-java.sh"]
One thing to note is ENV JAVA_OPTIONS "-Duser.timezone=UTC" but removing this didn't help me at all
I basically run the same step from IntelliJ and I have no issues with it but in docker the expiry date seems to be 5 days behind.
version: "3.7"
services:
orchestration-agent:
image: {image-name}
ports:
- "8080:8080"
network_mode: host
environment:
- COSMOSDB_URI=https://host.docker.internal:8081/
- COSMOSDB_KEY={key}
- COSMOSDB_DATABASE={database}
- COSMOSDB_POPULATEQUERYMETRICS=true
- COSMOSDB_ITEMLEVELTTL=60
I think it should also be mentioned that I changed the network_mode to host. And I also changed the CosmosDB URI from https://localhost:8081 to https://host.docker.internal:8081/
I would also like to mention that I built my dockerfile with the help of:
Importing self-signed cert into Docker's JRE cacert is not recognized by the service
How to add a SSL self-signed cert to Jenkins for LDAPS within Dockerfile?
Docker 容器不维护单独的时钟,它与 Linux 主机相同,因为时间不是命名空间值。这也是 Docker 取消更改容器内时间的权限的原因,因为这会影响主机和其他容器,打破隔离模型。
但是,在 Docker 桌面上,docker 在 VM 内部运行(允许您在非 Linux 桌面上运行 Linux 容器),并且当笔记本电脑挂起时,该 VM 的时间可能会不同步。目前正在 github 上的一个问题中跟踪此问题,您可以关注该问题以查看进度: https //github.com/docker/for-win/issues/4526
可能的解决方案包括重新启动计算机、重新启动 docker 的 VM、将 NTP 作为特权容器运行,或使用以下 PowerShell 重置 Windows VM 中的时间同步:
Get-VMIntegrationService -VMName DockerDesktopVM -Name "Time Synchronization" | Disable-VMIntegrationService
Get-VMIntegrationService -VMName DockerDesktopVM -Name "Time Synchronization" | Enable-VMIntegrationService
使用 WSL 2,重新启动 VM 包括:
wsl --shutdown
wsl
最近存在WSL 2 睡眠后时移的已知问题,该问题已在 5.10.16.3 WSL 2 Linux 内核中修复,该内核仍未包含在 Windows 10 版本 21H1 更新中,但可以手动安装。
如何检查 WSL 内核版本:
> wsl uname -r
旧内核的临时解决方法有助于直到下一次睡眠:
> wsl hwclock -s
| 归档时间: |
|
| 查看次数: |
2221 次 |
| 最近记录: |