[
https://issues.apache.org/jira/browse/KAFKA-17227?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17870128#comment-17870128
]
Rob Young commented on KAFKA-17227:
-----------------------------------
Here's a reproducer using podman:
{code:java}
podman run -it --tmpfs /tmp:rw,size=787448k,mode=1777,noexec apache/kafka:3.8.0
/bin/bash
7ef5b101f96b:/$ cd /opt/kafka/
7ef5b101f96b:/opt/kafka$ KAFKA_CLUSTER_ID="$(bin/kafka-storage.sh random-uuid)"
7ef5b101f96b:/opt/kafka$ bin/kafka-storage.sh format -t $KAFKA_CLUSTER_ID -c
config/kraft/server.properties
Exception in thread "main" java.lang.UnsatisfiedLinkError:
/tmp/libzstd-jni-1.5.6-35934137328938107222.so: Error loading shared library
/tmp/libzstd-jni-1.5.6-35934137328938107222.so: Operation not permitted
no zstd-jni-1.5.6-3 in java.library.path:
/opt/java/openjdk/lib/server:/opt/java/openjdk/lib:/opt/java/openjdk/../lib:/usr/java/packages/lib:/usr/lib64:/lib64:/lib:/usr/lib
Unsupported OS/arch, cannot find /linux/amd64/libzstd-jni-1.5.6-3.so or load
zstd-jni-1.5.6-3 from system libraries. Please try building from source the jar
or providing libzstd-jni-1.5.6-3 in your system.
at java.base/java.lang.ClassLoader.loadLibrary(Unknown Source)
at java.base/java.lang.Runtime.loadLibrary0(Unknown Source)
at java.base/java.lang.System.loadLibrary(Unknown Source)
at com.github.luben.zstd.util.Native$1.run(Native.java:70)
at com.github.luben.zstd.util.Native$1.run(Native.java:68)
at java.base/java.security.AccessController.doPrivileged(Unknown Source)
at com.github.luben.zstd.util.Native.loadLibrary(Native.java:68)
at com.github.luben.zstd.util.Native.load(Native.java:155)
at com.github.luben.zstd.util.Native.load(Native.java:86)
at com.github.luben.zstd.Zstd.<clinit>(Zstd.java:12)
at
org.apache.kafka.common.compress.ZstdCompression.<clinit>(ZstdCompression.java:41)
at
org.apache.kafka.storage.internals.log.LogConfig.<clinit>(LogConfig.java:251)
at kafka.server.KafkaConfig$.<clinit>(KafkaConfig.scala:308)
at kafka.server.KafkaConfig.<init>(KafkaConfig.scala:546)
at kafka.tools.StorageTool$.$anonfun$execute$1(StorageTool.scala:72)
at scala.Option.flatMap(Option.scala:283)
at kafka.tools.StorageTool$.execute(StorageTool.scala:72)
at kafka.tools.StorageTool$.main(StorageTool.scala:53)
at kafka.tools.StorageTool.main(StorageTool.scala)
{code}
I can see in the next version of zstd-jni 1.5.6-4 there is a commit that looks
like it makes the dir used [configurable by system
prop|https://github.com/luben/zstd-jni/commit/c057b94e0372be2e16e957e5e09b4fe3c84e8c22]
> Apache Kafka 3.8.0 /tmp exec permission
> ---------------------------------------
>
> Key: KAFKA-17227
> URL: https://issues.apache.org/jira/browse/KAFKA-17227
> Project: Kafka
> Issue Type: Bug
> Affects Versions: 3.8.0
> Reporter: Francisco Martinez
> Priority: Major
> Attachments: kafka_issue.png
>
>
> I have just downloaded and installed new Apache Kafka version 3.8.0.
> It does not work for me (version 3.7.1 works fine).
> In SLES 15 SP5, i have configured /etc/fstab to do not have exec permission
> for the /tmp partition (noexec) (as suggested by the CIS benchmark).
> Then the Kafka service does not start. Even the kafka-storage.sh script
> cannot be executed to create the Kafka storage in /tmp/kraft-combined-logs.
> The error reported (in all cases) is exception
> java.lang.UnsatisfiedLinkError: /tmp/lib/libzstd-jni-1.5.6-3.....so: failed
> to map segment from shared object. The error does not appear if i enable
> again the exec permission in /tmp (i.e. mount -o remount,exec /tmp).
> It seems that the zstd-jni-1.5.6-3.jar library is tried to be loaded (even in
> the case the compression is disabled by default in producer.properties:
> compression.type=none). Inside the jar file there is for example
> lizstd-jni-1.5.6-3.so for amd64 architecture that is used by the jar, and for
> that purpose it is copied to /tmp. But if the /tmp does not have execution
> permissions, the Apache Kafka processes don't start.
> Maybe the issue is in zstd-jni and has to be solved in zstd-jni, or maybe the
> library could be imported only when necessary (only in case the compression
> is used) to minimize the issue with zstd-jni.
> Thanks and regards.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
