search

wso2 / carbon-kernel

Apache License 2.0
146 stars 655 forks source link

Rebuild carbon.kernel 4.6.1 with log4j fix #3248

Closed happycujo closed 2 years ago

happycujo commented 2 years ago

Description: We are currently using in production WSO2 Identity Server 5.11 which use internally carbon.kernel 4.6.1. In order to fix log4j issue (CVE-2021-44228), we tried to rebuild both carbon.kernel (https://github.com/wso2/carbon-kernel.git) and product-is (https://github.com/wso2/product-is.git) using the latest version.

The only modification we did to change log4j and pax version in the pom.xml. 

<pax.logging.api.version>1.11.13</pax.logging.api.version>
<pax.logging.log4j2.version>1.11.13</pax.logging.log4j2.version>
<version.log4j.core>2.17.1</version.log4j.core>
<version.log4j.jul>2.17.1</version.log4j.jul>

if only rebuild product-is, the resulting server is working but we still have the vulnerability inherited from carbon.kernel. if we rebuilt both, we end up with a server that is not starting correctly. :( (But hey, the vulnerability has been fixed!). The issue seems related to the upgrade of pax.logging (1.11.03 --> 1.11.13)as we we restore the previous version the server will work as expected.

Question: 1- What is the proper way to upgrade pax.logging in carbon.server. Is there other dependancies to take in consideration? 2- Is there a docker image of 5.11 with log4j upgraded somewhere? Our client does not want the mitigation process - they want the full log4j upgrade.

We used the following procedure

FROM ubuntu:18.04 as builder

# install the compilation dependencies
RUN apt-get update && apt-get install -y openjdk-11-jdk git maven unzip

ENV JAVA_HOME=/usr/lib/jvm/java-11-openjdk-amd64

WORKDIR /opt/

# Get the specific source code version 
RUN git clone --depth 1 --branch v4.6.1 https://github.com/wso2/carbon-kernel.git
RUN git clone --depth 1 --branch v5.11.0 https://github.com/wso2/product-is.git

# Overide pom.xml to fix log4j + pax - commented for now 
COPY ./carbon.kernel/pom.xml /opt/carbon-kernel/parent/pom.xml
# COPY ./productis/pom.xml /opt/product-is/pom.xml

# Build 1st the kernel
WORKDIR /opt/carbon-kernel

# =p maven-release?
# https://github.com/wso2/carbon-kernel/blob/master/.github/workflows/pr-builder.yml
RUN  mvn --quiet  clean install -Dmaven.test.skip=true -U -B

# The dependancy will be stored in the internal mvn repo

# Build wso2is
WORKDIR /opt/product-is
RUN  mvn --quiet clean install -Dmaven.test.skip=true

# The zip file is generated a this location /opt/product-is/modules/distribution/target/wso2is-5.11.0.zip

# inspired from https://github.com/wso2/docker-is/blob/master/dockerfiles/ubuntu/is/Dockerfile
FROM adoptopenjdk:11.0.11_9-jdk-hotspot-focal
LABEL maintainer="WSO2 Docker Maintainers <dev@wso2.org>" \
      com.wso2.docker.source="https://github.com/wso2/docker-is/releases/tag/v5.11.0.5"

# set Docker image build arguments
# build arguments for user/group configurations
ARG USER=wso2carbon
ARG USER_ID=802
ARG USER_GROUP=wso2
ARG USER_GROUP_ID=802
ARG USER_HOME=/home/${USER}
# build arguments for WSO2 product installation
ARG WSO2_SERVER_NAME=wso2is
ARG WSO2_SERVER_VERSION=5.11.0
ARG WSO2_SERVER_REPOSITORY=product-is
ARG WSO2_SERVER=${WSO2_SERVER_NAME}-${WSO2_SERVER_VERSION}
ARG WSO2_SERVER_HOME=${USER_HOME}/${WSO2_SERVER}
# build arguments for external artifacts
ARG DNS_JAVA_VERSION=2.1.8
ARG K8S_MEMBERSHIP_SCHEME_VERSION=1.0.8
# build argument for MOTD
ARG MOTD="\n\
Welcome to WSO2 Docker resources.\n\
------------------------------------ \n\
This Docker container comprises of a WSO2 product, running with its latest GA release \n\
which is under the Apache License, Version 2.0. \n\
Read more about Apache License, Version 2.0 here @ http://www.apache.org/licenses/LICENSE-2.0.\n"

# create the non-root user and group and set MOTD login message
RUN \
    groupadd --system -g ${USER_GROUP_ID} ${USER_GROUP} \
    && useradd --system --create-home --home-dir ${USER_HOME} --no-log-init -g ${USER_GROUP_ID} -u ${USER_ID} ${USER} \
    && echo '[ ! -z "${TERM}" -a -r /etc/motd ] && cat /etc/motd' >> /etc/bash.bashrc; echo "${MOTD}" > /etc/motd

# copy init script to user home
COPY --chown=wso2carbon:wso2 docker-entrypoint.sh ${USER_HOME}/

# install required packages
RUN \
    apt-get update \
    && DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
        netcat \
        unzip \
        wget \
    && rm -rf /var/lib/apt/lists/*

# Getting our copy from the builer
COPY --from=builder /opt/product-is/modules/distribution/target/wso2is-5.11.0.zip ${WSO2_SERVER}.zip

# add the WSO2 product distribution to user's home directory
RUN \
    unzip -d ${USER_HOME} ${WSO2_SERVER}.zip \
    && chown wso2carbon:wso2 -R ${WSO2_SERVER_HOME} \
    && rm -f ${WSO2_SERVER}.zip

# add libraries for Kubernetes membership scheme based clustering
ADD --chown=wso2carbon:wso2 https://repo1.maven.org/maven2/dnsjava/dnsjava/${DNS_JAVA_VERSION}/dnsjava-${DNS_JAVA_VERSION}.jar ${WSO2_SERVER_HOME}/repository/components/lib
ADD --chown=wso2carbon:wso2 http://maven.wso2.org/nexus/content/repositories/releases/org/wso2/carbon/kubernetes/artifacts/kubernetes-membership-scheme/${K8S_MEMBERSHIP_SCHEME_VERSION}/kubernetes-membership-scheme-${K8S_MEMBERSHIP_SCHEME_VERSION}.jar ${WSO2_SERVER_HOME}/repository/components/dropins

# set the user and work directory
USER ${USER_ID}
WORKDIR ${USER_HOME}

# set environment variables
ENV WORKING_DIRECTORY=${USER_HOME} \
    WSO2_SERVER_HOME=${WSO2_SERVER_HOME}

# expose ports
EXPOSE 4000 9763 9443

# initiate container and start WSO2 Carbon server
ENTRYPOINT ["/home/wso2carbon/docker-entrypoint.sh"]

While the compilation is a success (apparently), the resulted serveris not working. Wso2 Identity Server start and hang with the following log: 

JAVA_HOME environment variable is set to /opt/java/openjdk
CARBON_HOME environment variable is set to /home/wso2carbon/wso2is-5.11.0
Using Java memory options: -Xms256m -Xmx1024m
[2022-03-30 12:26:33,027]  INFO {org.wso2.config.mapper.ConfigParser} - Applying Configurations upon new Templates
[2022-03-30 12:26:33,034]  WARN {org.wso2.config.mapper.ConfigParser} - Overriding files in configuration directory /home/wso2carbon/wso2is-5.11.0
[2022-03-30 12:26:36,827]  INFO {org.wso2.config.mapper.ConfigParser} - Writing Metadata Entries...
org.ops4j.pax.logging.pax-logging-api [log4j2] WARN : No Root logger was configured, creating default ERROR-level Root logger with Console appender Ignored FQCN: org.apache.logging.log4j.spi.AbstractLogger
org.ops4j.pax.logging.pax-logging-api [log4j2] WARN : No Root logger was configured, creating default ERROR-level Root logger with Console appender Ignored FQCN: org.apache.logging.log4j.spi.AbstractLogger
12:27:05.989 [Start Level: Equinox Container: 6eab4600-62ca-49b8-80dd-c2cee0b8e3fc] WARN  org.apache.axiom.util.stax.dialect.StAXDialectDetector - Unable to determine dialect of the StAX implementation at bundleresource://11.fwk448782465/
12:27:17.369 [Start Level: Equinox Container: 6eab4600-62ca-49b8-80dd-c2cee0b8e3fc] WARN  org.apache.directory.api.ldap.model.entry.DefaultAttribute - ERR_13207_VALUE_ALREADY_EXISTS The value 'askPassword' already exists in the attribute (m-may)
12:27:17.370 [Start Level: Equinox Container: 6eab4600-62ca-49b8-80dd-c2cee0b8e3fc] WARN  org.apache.directory.api.ldap.model.entry.DefaultAttribute - ERR_13207_VALUE_ALREADY_EXISTS The value 'forcePasswordReset' already exists in the attribute (m-may)
12:27:17.372 [Start Level: Equinox Container: 6eab4600-62ca-49b8-80dd-c2cee0b8e3fc] WARN  org.apache.directory.api.ldap.model.entry.DefaultAttribute - ERR_13207_VALUE_ALREADY_EXISTS The value 'failedRecoveryAttempts' already exists in the attribute (m-may)
12:27:17.373 [Start Level: Equinox Container: 6eab4600-62ca-49b8-80dd-c2cee0b8e3fc] WARN  org.apache.directory.api.ldap.model.entry.DefaultAttribute - ERR_13207_VALUE_ALREADY_EXISTS The value 'primaryChallengeQuestion' already exists in the attribute (m-may)
12:27:17.373 [Start Level: Equinox Container: 6eab4600-62ca-49b8-80dd-c2cee0b8e3fc] WARN  org.apache.directory.api.ldap.model.entry.DefaultAttribute - ERR_13207_VALUE_ALREADY_EXISTS The value 'emailVerified' already exists in the attribute (m-may)
<...>
12:27:17.744 [Start Level: Equinox Container: 6eab4600-62ca-49b8-80dd-c2cee0b8e3fc] WARN  org.apache.directory.server.core.DefaultDirectoryService - ApacheDS shutdown hook has NOT been registered with the runtime.  This default setting for standalone operation has been overriden.
12:27:18.448 [Start Level: Equinox Container: 6eab4600-62ca-49b8-80dd-c2cee0b8e3fc] ERROR org.apache.directory.api.ldap.model.entry.Value - ERR_13725_CANNOT_HANDLE_NAME_AND_OPTIONAL_UID_NORM I do not know how to handle NameAndOptionalUID normalization with objects of class: corbaIor
12:27:18.450 [Start Level: Equinox Container: 6eab4600-62ca-49b8-80dd-c2cee0b8e3fc] ERROR org.apache.directory.api.ldap.model.entry.Value - ERR_13725_CANNOT_HANDLE_NAME_AND_OPTIONAL_UID_NORM I do not know how to handle NameAndOptionalUID normalization with objects of class: corbaObject
12:27:18.483 [Start Level: Equinox Container: 6eab4600-62ca-49b8-80dd-c2cee0b8e3fc] ERROR org.apache.directory.api.ldap.model.entry.Value - ERR_13725_CANNOT_HANDLE_NAME_AND_OPTIONAL_UID_NORM I do not know how to handle NameAndOptionalUID normalization with objects of class: corbaRepositoryId
<..>
12:27:24.630 [Start Level: Equinox Container: 6eab4600-62ca-49b8-80dd-c2cee0b8e3fc] ERROR org.apache.directory.api.ldap.model.entry.Value - ERR_13725_CANNOT_HANDLE_NAME_AND_OPTIONAL_UID_NORM I do not know how to handle NameAndOptionalUID normalization with objects of class: sambaNextGroupRid
<..>
12:27:25.137 [Start Level: Equinox Container: 6eab4600-62ca-49b8-80dd-c2cee0b8e3fc] ERROR org.apache.directory.api.ldap.model.entry.Value - ERR_13725_CANNOT_HANDLE_NAME_AND_OPTIONAL_UID_NORM I do not know how to handle NameAndOptionalUID normalization with objects of class: dhcpSharedNetworkDN
12:27:25.151 [Start Level: Equinox Container: 6eab4600-62ca-49b8-80dd-c2cee0b8e3fc] ERROR org.apache.directory.api.ldap.model.entry.Value - ERR_13725_CANNOT_HANDLE_NAME_AND_OPTIONAL_UID_NORM I do not know how to handle NameAndOptionalUID normalization with objects of class: dhcpSubnetDN
12:27:25.153 [Start Level: Equinox Container: 6eab4600-62ca-49b8-80dd-c2cee0b8e3fc] ERROR org.apache.directory.api.ldap.model.entry.Value - ERR_13725_CANNOT_HANDLE_NAME_AND_OPTIONAL_UID_NORM I do not know how to handle NameAndOptionalUID normalization with objects of class: dhcpGroupDN
12:27:25.154 [Start Level: Equinox Container: 6eab4600-62ca-49b8-80dd-c2cee0b8e3fc] ERROR org.apache.directory.api.ldap.model.entry.Value - ERR_13725_CANNOT_HANDLE_NAME_AND_OPTIONAL_UID_NORM I do not know how to handle NameAndOptionalUID normalization with objects of class: dhcpHostDN
<...>
12:27:25.256 [Start Level: Equinox Container: 6eab4600-62ca-49b8-80dd-c2cee0b8e3fc] ERROR org.apache.directory.api.ldap.model.entry.Value - ERR_13725_CANNOT_HANDLE_NAME_AND_OPTIONAL_UID_NORM I do not know how to handle NameAndOptionalUID normalization with objects of class: dhcpRelayAgentInfo
12:27:25.257 [Start Level: Equinox Container: 6eab4600-62ca-49b8-80dd-c2cee0b8e3fc] ERROR org.apache.directory.api.ldap.model.entry.Value - ERR_13725_CANNOT_HANDLE_NAME_AND_OPTIONAL_UID_NORM I do not know how to handle NameAndOptionalUID normalization with objects of class: dhcpHWAddress
12:27:25.260 [Start Level: Equinox Container: 6eab4600-62ca-49b8-80dd-c2cee0b8e3fc] ERROR org.apache.directory.api.ldap.model.entry.Value - ERR_13725_CANNOT_HANDLE_NAME_AND_OPTIONAL_UID_NORM I do not know how to handle NameAndOptionalUID normalization with objects of class: dhcpNetMask
12:27:25.272 [Start Level: Equinox Container: 6eab4600-62ca-49b8-80dd-c2cee0b8e3fc] ERROR org.apache.directory.api.ldap.model.entry.Value - ERR_13725_CANNOT_HANDLE_NAME_AND_OPTIONAL_UID_NORM I do not know how to handle NameAndOptionalUID normalization with objects of class: dhcpRange
12:27:25.274 [Start Level: Equinox Container: 6eab4600-62ca-49b8-80dd-c2cee0b8e3fc] ERROR org.apache.directory.api.ldap.model.entry.Value - ERR_13725_CANNOT_HANDLE_NAME_AND_OPTIONAL_UID_NORM I do not know how to handle NameAndOptionalUID normalization with objects of class: dhcpPoolDN
12:27:25.275 [Start Level: Equinox Container: 6eab4600-62ca-49b8-80dd-c2cee0b8e3fc] ERROR org.apache.directory.api.ldap.model.entry.Value - ERR_13725_CANNOT_HANDLE_NAME_AND_OPTIONAL_UID_NORM I do not know how to handle NameAndOptionalUID normalization with objects of class: dhcpGroupDN
12:27:25.277 [Start Level: Equinox Container: 6eab4600-62ca-49b8-80dd-c2cee0b8e3fc] ERROR org.apache.directory.api.ldap.model.entry.Value - ERR_13725_CANNOT_HANDLE_NAME_AND_OPTIONAL_UID_NORM I do not know how to handle NameAndOptionalUID normalization with objects of class: dhcpHostDN
12:27:25.280 [Start Level: Equinox Container: 6eab4600-62ca-49b8-80dd-c2cee0b8e3fc] ERROR org.apache.directory.api.ldap.model.entry.Value - ERR_13725_CANNOT_HANDLE_NAME_AND_OPTIONAL_UID_NORM I do not know how to handle NameAndOptionalUID normalization with objects of class: dhcpClassesDN
12:27:25.283 [Start Level: Equinox Container: 6eab4600-62ca-49b8-80dd-c2cee0b8e3fc] ERROR org.apache.directory.api.ldap.model.entry.Value - ERR_13725_CANNOT_HANDLE_NAME_AND_OPTIONAL_UID_NORM I do not know how to handle NameAndOptionalUID normalization with objects of class: dhcpLeasesDN
12:27:25.285 [Start Level: Equinox Container: 6eab4600-62ca-49b8-80dd-c2cee0b8e3fc] ERROR org.apache.directory.api.ldap.model.entry.Value - ERR_13725_CANNOT_HANDLE_NAME_AND_OPTIONAL_UID_NORM I do not know how to handle NameAndOptionalUID normalization with objects of class: dhcpOptionsDN
12:27:25.289 [Start Level: Equinox Container: 6eab4600-62ca-49b8-80dd-c2cee0b8e3fc] ERROR org.apache.directory.api.ldap.model.entry.Value - ERR_13725_CANNOT_HANDLE_NAME_AND_OPTIONAL_UID_NORM I do not know how to handle NameAndOptionalUID normalization with objects of class: dhcpStatements
12:27:25.293 [Start Level: Equinox Container: 6eab4600-62ca-49b8-80dd-c2cee0b8e3fc] ERROR org.apache.directory.api.ldap.model.entry.Value - ERR_13725_CANNOT_HANDLE_NAME_AND_OPTIONAL_UID_NORM I do not know how to handle NameAndOptionalUID normalization with objects of class: dhcpOption
12:27:25.301 [Start Level: Equinox Container: 6eab4600-62ca-49b8-80dd-c2cee0b8e3fc] ERROR org.apache.directory.api.ldap.model.entry.Value - ERR_13725_CANNOT_HANDLE_NAME_AND_OPTIONAL_UID_NORM I do not know how to handle NameAndOptionalUID normalization with objects of class: dhcpAddressState
12:27:25.327 [Start Level: Equinox Container: 6eab4600-62ca-49b8-80dd-c2cee0b8e3fc] ERROR org.apache.directory.api.ldap.model.entry.Value - ERR_13725_CANNOT_HANDLE_NAME_AND_OPTIONAL_UID_NORM I do not know how to handle NameAndOptionalUID normalization with objects of class: dhcpExpirationTime
12:27:25.334 [Start Level: Equinox Container: 6eab4600-62ca-49b8-80dd-c2cee0b8e3fc] ERROR org.apache.directory.api.ldap.model.entry.Value - ERR_13725_CANNOT_HANDLE_NAME_AND_OPTIONAL_UID_NORM I do not know how to handle NameAndOptionalUID normalization with objects of class: dhcpStartTimeOfState
<...>
12:27:26.315 [Start Level: Equinox Container: 6eab4600-62ca-49b8-80dd-c2cee0b8e3fc] ERROR org.apache.directory.api.ldap.model.entry.Value - ERR_13725_CANNOT_HANDLE_NAME_AND_OPTIONAL_UID_NORM I do not know how to handle NameAndOptionalUID normalization with objects of class: custom1
12:27:26.316 [Start Level: Equinox Container: 6eab4600-62ca-49b8-80dd-c2cee0b8e3fc] ERROR org.apache.directory.api.ldap.model.entry.Value - ERR_13725_CANNOT_HANDLE_NAME_AND_OPTIONAL_UID_NORM I do not know how to handle NameAndOptionalUID normalization with objects of class: custom2
12:27:26.317 [Start Level: Equinox Container: 6eab4600-62ca-49b8-80dd-c2cee0b8e3fc] ERROR org.apache.directory.api.ldap.model.entry.Value - ERR_13725_CANNOT_HANDLE_NAME_AND_OPTIONAL_UID_NORM I do not know how to handle NameAndOptionalUID normalization with objects of class: custom3
12:27:26.320 [Start Level: Equinox Container: 6eab4600-62ca-49b8-80dd-c2cee0b8e3fc] ERROR org.apache.directory.api.ldap.model.entry.Value - ERR_13725_CANNOT_HANDLE_NAME_AND_OPTIONAL_UID_NORM I do not know how to handle NameAndOptionalUID normalization with objects of class: custom4
12:27:26.329 [Start Level: Equinox Container: 6eab4600-62ca-49b8-80dd-c2cee0b8e3fc] ERROR org.apache.directory.api.ldap.model.entry.Value - ERR_13725_CANNOT_HANDLE_NAME_AND_OPTIONAL_UID_NORM I do not know how to handle NameAndOptionalUID normalization with objects of class: nsAIMid
12:27:29.694 [Start Level: Equinox Container: 6eab4600-62ca-49b8-80dd-c2cee0b8e3fc] WARN  org.apache.directory.server.core.DefaultDirectoryService - You didn't change the admin password of directory service instance 'default'.  Please update the admin password as soon as possible to prevent a possible security breach.
12:27:30.405 [Start Level: Equinox Container: 6eab4600-62ca-49b8-80dd-c2cee0b8e3fc] ERROR org.apache.directory.api.ldap.model.entry.DefaultAttribute - ERR_13200_VALUE_CANT_BE_NORMALIZED The value 'null' can't be normalized, it hasn't been added
12:27:35.441 [Component Resolve Thread (Bundle 122)] WARN  org.apache.catalina.core.StandardContext - A context path must either be an empty string or start with a '/' and do not end with a '/'. The path [/] does not meet these criteria and has been changed to []
12:27:47.421 [pool-7-thread-1] WARN  org.apache.directory.server.ldap.LdapSession - AbandonableRequest with messageId 2 not found in outstandingRequests.
12:27:47.711 [pool-7-thread-1] WARN  org.apache.directory.server.ldap.LdapSession - AbandonableRequest with messageId 2 not found in outstandingRequests.
12:27:47.864 [pool-7-thread-1] WARN  org.apache.directory.server.ldap.LdapSession - AbandonableRequest with messageId 2 not found in outstandingRequests.
12:27:54.664 [Start Level: Equinox Container: 6eab4600-62ca-49b8-80dd-c2cee0b8e3fc] WARN  org.apache.solr.core.CoreContainer - Couldn't add files from /home/wso2carbon/wso2is-5.11.0/repository/conf/solr/lib to classpath: /home/wso2carbon/wso2is-5.11.0/repository/conf/solr/lib
12:27:55.443 [coreLoadExecutor-6-thread-1] WARN  org.apache.solr.core.SolrConfig - Couldn't add files from /home/wso2carbon/wso2is-5.11.0/repository/conf/solr/registry-indexing/../../../contrib/extraction/lib filtered by .*\.jar to classpath: /home/wso2carbon/wso2is-5.11.0/repository/conf/solr/registry-indexing/../../../contrib/extraction/lib
12:27:55.452 [coreLoadExecutor-6-thread-1] WARN  org.apache.solr.core.SolrConfig - Couldn't add files from /home/wso2carbon/wso2is-5.11.0/repository/conf/solr/registry-indexing/../../../dist filtered by solr-cell-\d.*\.jar to classpath: /home/wso2carbon/wso2is-5.11.0/repository/conf/solr/registry-indexing/../../../dist
12:27:55.454 [coreLoadExecutor-6-thread-1] WARN  org.apache.solr.core.SolrConfig - Couldn't add files from /home/wso2carbon/wso2is-5.11.0/repository/conf/solr/registry-indexing/../../../contrib/clustering/lib filtered by .*\.jar to classpath: /home/wso2carbon/wso2is-5.11.0/repository/conf/solr/registry-indexing/../../../contrib/clustering/lib
12:27:55.455 [coreLoadExecutor-6-thread-1] WARN  org.apache.solr.core.SolrConfig - Couldn't add files from /home/wso2carbon/wso2is-5.11.0/repository/conf/solr/registry-indexing/../../../dist filtered by solr-clustering-\d.*\.jar to classpath: /home/wso2carbon/wso2is-5.11.0/repository/conf/solr/registry-indexing/../../../dist
12:27:55.456 [coreLoadExecutor-6-thread-1] WARN  org.apache.solr.core.SolrConfig - Couldn't add files from /home/wso2carbon/wso2is-5.11.0/repository/conf/solr/registry-indexing/../../../contrib/langid/lib filtered by .*\.jar to classpath: /home/wso2carbon/wso2is-5.11.0/repository/conf/solr/registry-indexing/../../../contrib/langid/lib
12:27:55.456 [coreLoadExecutor-6-thread-1] WARN  org.apache.solr.core.SolrConfig - Couldn't add files from /home/wso2carbon/wso2is-5.11.0/repository/conf/solr/registry-indexing/../../../dist filtered by solr-langid-\d.*\.jar to classpath: /home/wso2carbon/wso2is-5.11.0/repository/conf/solr/registry-indexing/../../../dist
12:27:55.457 [coreLoadExecutor-6-thread-1] WARN  org.apache.solr.core.SolrConfig - Couldn't add files from /home/wso2carbon/wso2is-5.11.0/repository/conf/solr/registry-indexing/../../../contrib/velocity/lib filtered by .*\.jar to classpath: /home/wso2carbon/wso2is-5.11.0/repository/conf/solr/registry-indexing/../../../contrib/velocity/lib
12:27:55.457 [coreLoadExecutor-6-thread-1] WARN  org.apache.solr.core.SolrConfig - Couldn't add files from /home/wso2carbon/wso2is-5.11.0/repository/conf/solr/registry-indexing/../../../dist filtered by solr-velocity-\d.*\.jar to classpath: /home/wso2carbon/wso2is-5.11.0/repository/conf/solr/registry-indexing/../../../dist
12:27:55.657 [coreLoadExecutor-6-thread-1] WARN  org.apache.solr.core.Config - Begining with Solr 5.0, <checkIntegrityAtMerge> option is no longer supported and should be removed from solrconfig.xml (these integrity checks are now automatic)
12:27:59.245 [coreLoadExecutor-6-thread-1] WARN  org.apache.solr.schema.AbstractSpatialFieldType - units parameter is deprecated, please use distanceUnits instead for field types with class SpatialRecursivePrefixTreeFieldType
12:28:01.424 [coreLoadExecutor-6-thread-1] WARN  org.apache.solr.core.SolrCore - [registry-indexing] Solr index directory '/home/wso2carbon/wso2is-5.11.0/repository/conf/solr/registry-indexing/../../../../solr/data/index' doesn't exist. Creating new index...
12:28:02.786 [coreLoadExecutor-6-thread-1] WARN  org.apache.solr.core.SolrResourceLoader - Solr loaded a deprecated plugin/analysis class [solr.admin.AdminHandlers]. Please consult documentation how to replace it accordingly.
12:28:03.854 [coreLoadExecutor-6-thread-1] WARN  org.apache.solr.handler.admin.AdminHandlers - <requestHandler name="/admin/"
 class="solr.admin.AdminHandlers" /> is deprecated . It is not required anymore
12:28:03.969 [Thread-4] WARN  org.eclipse.equinox.ds - Getting a lock required more than 10000 ms. There might be a synchronization problem in this callstack or just the build/dispose process of some components took too long!
java.lang.Exception: Debug stacktrace
        at org.eclipse.equinox.internal.ds.InstanceProcess.getLock(InstanceProcess.java:120) [org.eclipse.equinox.ds_1.4.400.v20160226-2036.jar:?]
        at org.eclipse.equinox.internal.ds.InstanceProcess.buildComponents(InstanceProcess.java:159) [org.eclipse.equinox.ds_1.4.400.v20160226-2036.jar:?]
        at org.eclipse.equinox.internal.ds.Resolver.getEligible(Resolver.java:343) [org.eclipse.equinox.ds_1.4.400.v20160226-2036.jar:?]
        at org.eclipse.equinox.internal.ds.SCRManager.serviceChanged(SCRManager.java:222) [org.eclipse.equinox.ds_1.4.400.v20160226-2036.jar:?]
        at org.eclipse.osgi.internal.serviceregistry.FilteredServiceListener.serviceChanged(FilteredServiceListener.java:113) [org.eclipse.osgi_3.14.0.v20190517-1309.jar:?]
        at org.eclipse.osgi.internal.framework.BundleContextImpl.dispatchEvent(BundleContextImpl.java:985) [org.eclipse.osgi_3.14.0.v20190517-1309.jar:?]
        at org.eclipse.osgi.framework.eventmgr.EventManager.dispatchEvent(EventManager.java:234) [org.eclipse.osgi_3.14.0.v20190517-1309.jar:?]
        at org.eclipse.osgi.framework.eventmgr.ListenerQueue.dispatchEventSynchronous(ListenerQueue.java:151) [org.eclipse.osgi_3.14.0.v20190517-1309.jar:?]
        at org.eclipse.osgi.internal.serviceregistry.ServiceRegistry.publishServiceEventPrivileged(ServiceRegistry.java:866) [org.eclipse.osgi_3.14.0.v20190517-1309.jar:?]
        at org.eclipse.osgi.internal.serviceregistry.ServiceRegistry.publishServiceEvent(ServiceRegistry.java:804) [org.eclipse.osgi_3.14.0.v20190517-1309.jar:?]
        at org.eclipse.osgi.internal.serviceregistry.ServiceRegistrationImpl.register(ServiceRegistrationImpl.java:130) [org.eclipse.osgi_3.14.0.v20190517-1309.jar:?]
        at org.eclipse.osgi.internal.serviceregistry.ServiceRegistry.registerService(ServiceRegistry.java:228) [org.eclipse.osgi_3.14.0.v20190517-1309.jar:?]
        at org.eclipse.osgi.internal.framework.BundleContextImpl.registerService(BundleContextImpl.java:525) [org.eclipse.osgi_3.14.0.v20190517-1309.jar:?]
        at org.eclipse.equinox.http.servlet.internal.Activator.registerHttpService(Activator.java:81) [org.eclipse.equinox.http.servlet_1.1.400.v20130418-1354.jar:?]
        at org.eclipse.equinox.http.servlet.internal.Activator.addProxyServlet(Activator.java:60) [org.eclipse.equinox.http.servlet_1.1.400.v20130418-1354.jar:?]
        at org.eclipse.equinox.http.servlet.internal.ProxyServlet.init(ProxyServlet.java:40) [org.eclipse.equinox.http.servlet_1.1.400.v20130418-1354.jar:?]
        at org.wso2.carbon.tomcat.ext.servlet.DelegationServlet.init(DelegationServlet.java:38) [org.wso2.carbon.tomcat.ext_4.6.1.jar:?]
        at org.apache.catalina.core.StandardWrapper.initServlet(StandardWrapper.java:1134) [tomcat_9.0.34.wso2v1.jar:?]
        at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1089) [tomcat_9.0.34.wso2v1.jar:?]
        at org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:983) [tomcat_9.0.34.wso2v1.jar:?]
        at org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:4876) [tomcat_9.0.34.wso2v1.jar:?]
        at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5185) [tomcat_9.0.34.wso2v1.jar:?]
        at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183) [tomcat_9.0.34.wso2v1.jar:?]
        at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1384) [tomcat_9.0.34.wso2v1.jar:?]
        at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1374) [tomcat_9.0.34.wso2v1.jar:?]
        at java.util.concurrent.FutureTask.run(FutureTask.java:264) [?:?]
        at org.apache.tomcat.util.threads.InlineExecutorService.execute(InlineExecutorService.java:75) [tomcat_9.0.34.wso2v1.jar:?]
        at java.util.concurrent.AbstractExecutorService.submit(AbstractExecutorService.java:140) [?:?]
        at org.apache.catalina.core.ContainerBase.startInternal(ContainerBase.java:909) [tomcat_9.0.34.wso2v1.jar:?]
        at org.apache.catalina.core.StandardHost.startInternal(StandardHost.java:841) [tomcat_9.0.34.wso2v1.jar:?]
        at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183) [tomcat_9.0.34.wso2v1.jar:?]
        at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1384) [tomcat_9.0.34.wso2v1.jar:?]
        at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1374) [tomcat_9.0.34.wso2v1.jar:?]
        at java.util.concurrent.FutureTask.run(FutureTask.java:264) [?:?]
        at org.apache.tomcat.util.threads.InlineExecutorService.execute(InlineExecutorService.java:75) [tomcat_9.0.34.wso2v1.jar:?]
        at java.util.concurrent.AbstractExecutorService.submit(AbstractExecutorService.java:140) [?:?]
        at org.apache.catalina.core.ContainerBase.startInternal(ContainerBase.java:909) [tomcat_9.0.34.wso2v1.jar:?]
        at org.apache.catalina.core.StandardEngine.startInternal(StandardEngine.java:262) [tomcat_9.0.34.wso2v1.jar:?]
        at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183) [tomcat_9.0.34.wso2v1.jar:?]
        at org.wso2.carbon.tomcat.ext.service.ExtendedStandardService.startInternal(ExtendedStandardService.java:52) [org.wso2.carbon.tomcat.ext_4.6.1.jar:?]
        at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183) [tomcat_9.0.34.wso2v1.jar:?]
        at org.apache.catalina.core.StandardServer.startInternal(StandardServer.java:930) [tomcat_9.0.34.wso2v1.jar:?]
        at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183) [tomcat_9.0.34.wso2v1.jar:?]
        at org.wso2.carbon.tomcat.internal.CarbonTomcat.start(CarbonTomcat.java:113) [org.wso2.carbon.tomcat_4.6.1.jar:?]
        at org.wso2.carbon.tomcat.internal.ServerManager$1.run(ServerManager.java:167) [org.wso2.carbon.tomcat_4.6.1.jar:?]
        at java.lang.Thread.run(Thread.java:829) [?:?]
12:28:12.643 [Framework Event Dispatcher: Equinox Container: 6eab4600-62ca-49b8-80dd-c2cee0b8e3fc] WARN  javax.mail - expected resource not found: /META-INF/javamail.default.address.map
12:28:20.613 [Framework Event Dispatcher: Equinox Container: 6eab4600-62ca-49b8-80dd-c2cee0b8e3fc] WARN  org.apache.axis2.description.java2wsdl.DefaultSchemaGenerator - We don't support method overloading. Ignoring [doSingleLogout]
12:33:10.039 [Framework Event Dispatcher: Equinox Container: 6eab4600-62ca-49b8-80dd-c2cee0b8e3fc] WARN  org.apache.tomcat.util.net.SSLUtilBase - jsseUtil.trustedCertNotValid
12:33:10.044 [Framework Event Dispatcher: Equinox Container: 6eab4600-62ca-49b8-80dd-c2cee0b8e3fc] WARN  org.apache.tomcat.util.net.SSLUtilBase - jsseUtil.trustedCertNotValid
12:33:10.055 [Framework Event Dispatcher: Equinox Container: 6eab4600-62ca-49b8-80dd-c2cee0b8e3fc] WARN  org.apache.tomcat.util.net.SSLUtilBase - jsseUtil.trustedCertNotValid
12:33:10.059 [Framework Event Dispatcher: Equinox Container: 6eab4600-62ca-49b8-80dd-c2cee0b8e3fc] WARN  org.apache.tomcat.util.net.SSLUtilBase - jsseUtil.trustedCertNotValid
12:33:10.060 [Framework Event Dispatcher: Equinox Container: 6eab4600-62ca-49b8-80dd-c2cee0b8e3fc] WARN  org.apache.tomcat.util.net.SSLUtilBase - jsseUtil.trustedCertNotValid
12:33:10.062 [Framework Event Dispatcher: Equinox Container: 6eab4600-62ca-49b8-80dd-c2cee0b8e3fc] WARN  org.apache.tomcat.util.net.SSLUtilBase - jsseUtil.trustedCertNotValid
12:33:10.066 [Framework Event Dispatcher: Equinox Container: 6eab4600-62ca-49b8-80dd-c2cee0b8e3fc] WARN  org.apache.tomcat.util.net.SSLUtilBase - jsseUtil.trustedCertNotValid
12:33:10.076 [Framework Event Dispatcher: Equinox Container: 6eab4600-62ca-49b8-80dd-c2cee0b8e3fc] WARN  org.apache.tomcat.util.net.SSLUtilBase - jsseUtil.trustedCertNotValid
12:33:13.733 [Framework Event Dispatcher: Equinox Container: 6eab4600-62ca-49b8-80dd-c2cee0b8e3fc] WARN  org.apache.catalina.core.StandardContext - A context path must either be an empty string or start with a '/' and do not end with a '/'. The path [/] does not meet these criteria and has been changed to []

Any input on this would be greatly appreciated!

Suggested Labels: log4j wso2is

Affected Product Version: 4.6.1

Steps to reproduce: Using the attached docker file

Edit the original parent/pom.xml file with the following version and place the pom.xml in this folder ./carbon.kernel/pom.xml relative to the dockerfile

<pax.logging.api.version>1.11.13</pax.logging.api.version>
<pax.logging.log4j2.version>1.11.13</pax.logging.log4j2.version>
<version.log4j.core>2.17.1</version.log4j.core>
<version.log4j.jul>2.17.1</version.log4j.jul>

Then

docker build -t iam-base:001 .
docker run -p 9443:9443 iam-base:001
happycujo commented 2 years ago

Ok, i was able to resolve the issue. Turn out some additional was required to pax logging. I added the following line in pax-logging.properties to fix the issue:

log4j2.file=true