Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

UpgradeInitializer halts servlet container #4724

Open
2 tasks done
ppkarwasz opened this issue Mar 6, 2025 · 2 comments
Open
2 tasks done

UpgradeInitializer halts servlet container #4724

ppkarwasz opened this issue Mar 6, 2025 · 2 comments
Labels
defect Something isn't working pending more information

Comments

@ppkarwasz
Copy link

Current Behavior

UpgradeInitializer immediately terminates the entire Servlet Container if the connection to the database fails, by using Runtime.halt():

dependency-track/src/main/java/org/dependencytrack/upgrade/UpgradeInitializer.java

Lines 63 to 79 in ba0f375

try (final UpgradeMetaProcessor ump = new UpgradeMetaProcessor()) {
final VersionComparator currentVersion = ump.getSchemaVersion();
if (currentVersion != null && currentVersion.isOlderThan(new VersionComparator("4.0.0"))) {
LOGGER.error("Unable to upgrade Dependency-Track versions prior to v4.0.0. Please refer to documentation for migration details. Halting.");
ump.close();
Runtime.getRuntime().halt(-1);
}
ServiceLoader.load(PreUpgradeHook.class).stream()
.map(ServiceLoader.Provider::get)
.sorted(Comparator.comparingInt(PreUpgradeHook::priority))
.filter(hook -> hook.shouldExecute(ump))
.forEach(preUpgradeHooks::add);
} catch (UpgradeException e) {
LOGGER.error("An error occurred determining database schema version. Unable to continue.", e);
Runtime.getRuntime().halt(-1);
}

Steps to Reproduce

  1. Modify application.properties with an error in the database credentials.
  2. Deploy DependencyTrack to a Servlet Container.
  3. The Servlet Container will crash immediately.

Expected Behavior

I would expect UpgradeInitializer to throw an exception that will stop DependencyTrack from starting, but leave the Servlet Container running.

Dependency-Track Version

4.12.6

Dependency-Track Distribution

Executable WAR

Database Server

N/A

Database Server Version

15

Browser

N/A

Checklist
@ppkarwasz ppkarwasz added defect Something isn't working in triage labels Mar 6, 2025
@nscuro
Copy link
Member

nscuro commented Mar 14, 2025

Hmmm... I'm wondering, since DT is distributed as self-contained JAR file, what's the benefit of keeping the servlet container running if the application failed to start?

@ppkarwasz
Copy link
Author

@nscuro,

I actually run it on a standalone Tomcat server in my dev environment.

In general it should be enough to throw an unchecked dependency to stop the embedded container from starting. This is what the other ServletContainerListeners are doing:

dependency-track/src/main/java/org/dependencytrack/RequirementsVerifier.java

Lines 58 to 68 in c3ece09

if (Runtime.getRuntime().availableProcessors() < 2) {
if (systemRequirementCheckEnabled) {
setFailedValidation(true);
final String message = "Dependency-Track requires a minimum of 2 CPU cores. Cannot continue. To fix, specify -Xmx4G (or higher) when executing Java.";
LOGGER.error(message);
throw new RequirementsException(message);
} else {
final String message = "Dependency-Track requires a minimum of 2 CPU cores. We highly recommand to use 2 CPU cores. Dependency-Track will continue to start, but may not function properly. https://docs.dependencytrack.org/getting-started/deploy-docker/#container-requirements-api-server";
LOGGER.warn(message);
}
}

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
defect Something isn't working pending more information
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@nscuro @ppkarwasz