#opendaylight #help Update archetype based project from AL SR4 to Phosphorus latest #opendaylight #help
|
Zsolt Krenak
Hi Everyone, I'm trying to bump our ODL version from Aluminium SR4 to Phosphorus latest due to the log4j vulnerability. Our repo is based on the generated archetype repo. I bumped all parent adn dependency versions I could find in poms to the following: odlparent 9.0.9 Apache Karaf starting up. Press Enter to open the shell now... 99% [=======================================================================>]org.apache.karaf.features.internal.util.MultiException: Error restarting bundles: Exception in org.ops4j.pax.web.extender.war.internal.Activator.start() of bundle org.ops4j.pax.web.pax-web-extender-war. at org.apache.karaf.features.internal.service.Deployer.deploy(Deployer.java:1049) at org.apache.karaf.features.internal.service.FeaturesServiceImpl.doProvision(FeaturesServiceImpl.java:1069) at org.apache.karaf.features.internal.service.FeaturesServiceImpl.lambda$doProvisionInThread$13(FeaturesServiceImpl.java:1004) at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264) at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128) at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628) at java.base/java.lang.Thread.run(Thread.java:834) Suppressed: org.osgi.framework.BundleException: Exception in org.ops4j.pax.web.extender.war.internal.Activator.start() of bundle org.ops4j.pax.web.pax-web-extender-war. at org.eclipse.osgi.internal.framework.BundleContextImpl.startActivator(BundleContextImpl.java:835) at org.eclipse.osgi.internal.framework.BundleContextImpl.start(BundleContextImpl.java:763) at org.eclipse.osgi.internal.framework.EquinoxBundle.startWorker0(EquinoxBundle.java:1028) at org.eclipse.osgi.internal.framework.EquinoxBundle$EquinoxModule.startWorker(EquinoxBundle.java:371) at org.eclipse.osgi.container.Module.doStart(Module.java:605) at org.eclipse.osgi.container.Module.start(Module.java:468) at org.eclipse.osgi.internal.framework.EquinoxBundle.start(EquinoxBundle.java:445) at org.eclipse.osgi.internal.framework.EquinoxBundle.start(EquinoxBundle.java:464) at org.apache.karaf.features.internal.service.BundleInstallSupportImpl.startBundle(BundleInstallSupportImpl.java:165) at org.apache.karaf.features.internal.service.FeaturesServiceImpl.startBundle(FeaturesServiceImpl.java:1160) at org.apache.karaf.features.internal.service.Deployer.deploy(Deployer.java:1041) ... 6 more Caused by: java.lang.NoClassDefFoundError: Could not initialize class org.ops4j.pax.web.extender.war.internal.DefaultWebAppDependencyManager at org.ops4j.pax.web.extender.war.internal.Activator.doStart(Activator.java:53) at org.ops4j.pax.web.extender.war.internal.extender.AbstractExtender.start(AbstractExtender.java:117) at org.eclipse.osgi.internal.framework.BundleContextImpl$2.run(BundleContextImpl.java:814) at org.eclipse.osgi.internal.framework.BundleContextImpl$2.run(BundleContextImpl.java:1) at java.base/java.security.AccessController.doPrivileged(Native Method) at org.eclipse.osgi.internal.framework.BundleContextImpl.startActivator(BundleContextImpl.java:806) ... 16 more The bundle diag: org.opendaylight.aaa.aaa-shiro (200) ------------------------------------ Status: GracePeriod Blueprint 1/4/22, 9:52 AM Missing dependencies: (objectClass=org.opendaylight.aaa.web.WebServer) (objectClass=org.osgi.service.http.HttpService) Declarative Services org.opendaylight.aaa.authenticator.ODLAuthenticator (22) org.opendaylight.aaa.shiro.idm.OSGIIdmLightProxy (23)
ODL :: aaa :: web-osgi-impl (204) --------------------------------- Status: Waiting Declarative Services org.opendaylight.aaa.web.osgi.PaxWebServer (24) missing references: global MD SAL Restconf Connector (308) ------------------------------- Status: GracePeriod Blueprint 1/4/22, 9:52 AM Missing dependencies: (objectClass=org.opendaylight.aaa.web.WebContextSecurer) (objectClass=org.opendaylight.aaa.web.WebServer) Declarative Services MD SAL Restconf Connector (309) ------------------------------- Status: GracePeriod Blueprint 1/4/22, 9:52 AM Missing dependencies: (objectClass=org.opendaylight.aaa.web.WebServer) (objectClass=org.opendaylight.aaa.web.WebContextSecurer) Declarative Services MD SAL Rest Api Doc Generator (311) ----------------------------------- Status: GracePeriod Blueprint 1/4/22, 9:52 AM Missing dependencies: (objectClass=org.opendaylight.aaa.web.WebServer) (objectClass=org.opendaylight.aaa.web.WebContextSecurer) Declarative Services
Br, Zsolt |
|
|
|
Robert Varga
On 04/01/2022 10:17, Zsolt Krenak wrote:
Hi Everyone,Hey Zsolt, I'm trying to bump our ODL version from Aluminium SR4 to Phosphorus latest due to the log4j vulnerability. Our repo is based on the generated archetype repo. I bumped all parent adn dependency versions I could find in poms to the following:[snip] /I also cloned the archetypes project and bump the versions there to have a reference. When I run mvn clean install, the Opendaylight Rest single feature test dies for the exact same reason. Probably something is missing because this is a big jump in versions, could someone give me a hint what is missing or what changed since aluminium that could cause this problem? Thanks is advance!It seems *something* is off, but you do not mention the AAA version. Can you perhaps post full karaf.log, so I can see what bundles are being installed? Regards, Robert |
|
|
|
Zsolt Krenak
Hi Robert,
Sorry, if this is a duplicate, I sent this in the morning, but I cannot see it sent so I send it again.
So, the AAA version is the latest released: 0.14.7 which is most probably the problem, as this version is still referencing odlparent 9.0.8 and mdsal 8.0.7. If we downgrade to the released versions of Phosphorus SR1 based on these versions (Platform versions — integration/distribution master documentation (opendaylight.org)) then everything seems to work. So I figure the problem is that the log4j fix is not yet released "officially". Right now went for SR1 which was probably the harder part and now wait for a new release that contains log4j fix (probably SR2?). Is there maybe a timeline for this? Thanks is advance. Zsolt |
|
|
|
Robert Varga
On 11/01/2022 11:12, Zsolt Krenak wrote:
Hi Robert,Hello Zsolt, everyone, Sorry, if this is a duplicate, I sent this in the morning, but I cannot see it sent so I send it again.Right. As per our community support, Phosphorus SR2 will have Log4Shell resolved in the timelines documented in the release plan (sorry, I don't have the link readily available, I am sure Daniel, CCd, does). As per our governance, a number of MRI projects have releases unaffected by Log4Shell available, but those are not completely integrated. If memory serves right, we are now blocked by CONTROLLER-2025, which we want to have fixed in Phosphorus SR2 as well. Regards, Robert |
|
|
|
On Wed, Jan 19, 2022 at 5:30 PM Robert Varga <nite@...> wrote: On 11/01/2022 11:12, Zsolt Krenak wrote: Here is the current release schedule
|
|
|