Deprecate log4j-hotpatch OCI hook #3401

Merged
merged 7 commits into from
Sep 2, 2023


arnaldo2792
Contributor

Issue number:

Closes #3399

Description of changes:

Remove the log4j hotpatch functionality and deprecate the setting. Clean up unused packages.

Testing done:

In aws-ecs-1:

  • Migration testing from an ad hoc build of 1.14.3 to 1.15: I validated that the deprecation message was logged, and on downgrade, I validated the hotpatch was still applied
  • In a 1.15 build, I validated the deprecation message was logged, and the hotpatch wasn't applied
  • In a running system, I validated the deprecation message was logged after the log4j-hotpatch-enabled setting was set to true

Terms of contribution:

By submitting this pull request, I agree that this contribution is dual-licensed under the terms of both the Apache License, version 2.0, and the MIT license.

Signed-off-by: Arnaldo Garcia Rincon <agarrcia@amazon.com>
Signed-off-by: Arnaldo Garcia Rincon <agarrcia@amazon.com>
The new settings will generate the configurations needed to log a
deprecation warning in the journal.

Signed-off-by: Arnaldo Garcia Rincon <agarrcia@amazon.com>
The hotdog OCI hooks are no longer needed now that the setting to
hotpatch log4j is deprecated.

Signed-off-by: Arnaldo Garcia Rincon <agarrcia@amazon.com>
The log4j2 hotpatch is no longer needed now that the setting to hotpatch
log4j is deprecated.

Signed-off-by: Arnaldo Garcia Rincon <agarrcia@amazon.com>
Signed-off-by: Arnaldo Garcia Rincon <agarrcia@amazon.com>
Signed-off-by: Arnaldo Garcia Rincon <agarrcia@amazon.com>
@arnaldo2792
Contributor Author

Forced push includes:

  • Bold format in README as suggested
  • Removed new lines from Cargo.toml
  • Keep oci-hooks defaults to generate shimpei's hooks

@bcressey
Contributor

bcressey commented Sep 2, 2023

Tested the downgrade path for aws-ecs-1 after launching a new image with the setting enabled.

Downgrade to 1.14.3:

Welcome to Bottlerocket OS 1.14.3 (aws-ecs-1)!
...
[    4.221136] migrator[444]: 00:51:16 [INFO] Running migration 'migrate_v1.15.0_deprecate-log4j-hotpatch-enabled.lz4'
[    4.346781] migrator[444]: 00:51:16 [INFO] Running migration 'migrate_v1.15.0_log4j-hotpatch-enabled-metadata.lz4'
...

bash-5.1# find /var/lib/bottlerocket/datastore/current/ -name '*log4j*'
/var/lib/bottlerocket/datastore/current/live/settings/oci-hooks/log4j-hotpatch-enabled

bash-5.1# cat /etc/shimpei/shimpei-hooks.json
{
  "hooks": {
    "prestart": [
      { "path": "/usr/libexec/hotdog/hotdog-cc-hook" }
    ],
    "poststart": [
      { "path": "/usr/libexec/hotdog/hotdog-poststart-hook" }
    ]
  }
}

Upgrade to 1.15.0 again:

Welcome to Bottlerocket OS 1.15.0 (aws-ecs-1)!
...
[    4.626589] migrator[443]: 00:54:45 [INFO] Running migration 'migrate_v1.15.0_log4j-hotpatch-enabled-metadata.lz4'
[    4.723218] migrator[443]: 00:54:45 [INFO] Running migration 'migrate_v1.15.0_deprecate-log4j-hotpatch-enabled.lz4'
...

bash-5.1# find /var/lib/bottlerocket/datastore/current/ -name '*log4j*'
/var/lib/bottlerocket/datastore/current/live/services/log4j-hotpatch-enabled
/var/lib/bottlerocket/datastore/current/live/configuration-files/log4j-hotpatch-enabled-log-message
/var/lib/bottlerocket/datastore/current/live/settings/oci-hooks/log4j-hotpatch-enabled.affected-services
/var/lib/bottlerocket/datastore/current/live/settings/oci-hooks/log4j-hotpatch-enabled

bash-5.1# cat /etc/shimpei/shimpei-hooks.json
{
  "hooks": {
    "prestart": [
    ],
    "poststart": [
    ]
  }
}

bash-5.1# cat /etc/deprecated-settings/log4j-hotpatch-enabled
DEPRECATED_SETTING=oci-hooks.log4j-hotpatch-enabled
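
The manual check in the comment above, written as a script (an added example, not part of this pull request or of Bottlerocket's code). It assumes the `/usr/libexec/hotdog/` prefix identifies the hotpatch hooks and that the marker file is `KEY=VALUE` text, both as shown in the output above; the function names and state labels are hypothetical.

```python
import json

HOTDOG_PREFIX = "/usr/libexec/hotdog/"  # prefix seen in the 1.14.3 output above (assumption)

def hotdog_hooks(hooks_json: str) -> dict:
    """Return {stage: [paths]} for every registered hook under HOTDOG_PREFIX."""
    doc = json.loads(hooks_json)
    found = {}
    for stage, entries in (doc.get("hooks") or {}).items():
        paths = [e.get("path", "") for e in entries or [] if isinstance(e, dict)]
        hits = [p for p in paths if p.startswith(HOTDOG_PREFIX)]
        if hits:
            found[stage] = hits
    return found

def deprecated_setting(marker_text: str):
    """Parse the KEY=VALUE marker file; return the setting name or None."""
    for line in marker_text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and key == "DEPRECATED_SETTING":
            return value
    return None

def hotpatch_state(hooks_json: str, marker_text: str = "") -> str:
    """Classify a host from the two files inspected in the comment above."""
    if hotdog_hooks(hooks_json):
        return "hotpatch-hooks-registered"
    if deprecated_setting(marker_text) == "oci-hooks.log4j-hotpatch-enabled":
        return "hooks-removed-setting-deprecated"
    return "hooks-removed"

# Constructed samples, condensed from the terminal output in the comment above.
BEFORE = '''{"hooks": {"prestart": [{"path": "/usr/libexec/hotdog/hotdog-cc-hook"}],
 "poststart": [{"path": "/usr/libexec/hotdog/hotdog-poststart-hook"}]}}'''
AFTER = '{"hooks": {"prestart": [], "poststart": []}}'
MARKER = "DEPRECATED_SETTING=oci-hooks.log4j-hotpatch-enabled\n"

if __name__ == "__main__":
    print(hotpatch_state(BEFORE))          # state after downgrade to 1.14.3
    print(hotpatch_state(AFTER, MARKER))   # state after upgrade to 1.15.0
```

On a host, the inputs would be the contents of `/etc/shimpei/shimpei-hooks.json` and `/etc/deprecated-settings/log4j-hotpatch-enabled`.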

@bcressey bcressey merged commit 2108507 into bottlerocket-os:develop Sep 2, 2023
48 checks passed
@arnaldo2792 arnaldo2792 deleted the deprecate-log4j branch January 29, 2024 16:45