Add log4j dependencies for creating log files #456
Conversation
|
When I follow the guide in https://stubby4j.com/#logging and https://hub.docker.com/r/azagniotov/stubby4j to try to create log files in mounted docker container volumes, the result is not expected, I got an error that said statusLogger Log4j2 could not find a logging implementation. |
|
Thank you for your PR, I will take a look next week 👍🏼
… On Jul 28, 2022, at 13:25, Izumi ***@***.***> wrote:
When I follow the guide in https://stubby4j.com/#logging and https://hub.docker.com/r/azagniotov/stubby4j to try to create log files in mounted docker container volumes, the result is not expected, I got an error that said statusLogger Log4j2 could not find a logging implementation.
So I find the log4j are constrained, but not added to dependencies, it doesn’t match the document.
—
Reply to this email directly, view it on GitHub, or unsubscribe.
You are receiving this because your review was requested.
|
conf/gradle/dependencies.gradle
Outdated
| @@ -27,6 +27,8 @@ dependencies { | |||
| var becauseMsg = "CVE-2021-44228, CVE-2021-45046, CVE-2021-45105, CVE-2021-44832: Log4j vulnerable to remote code execution and other critical security vulnerabilities" | |||
| println "> Building with log4j included in default dependencies" | |||
| api "org.apache.logging.log4j:log4j-slf4j-impl:${log4j2Version}" | |||
| api "org.apache.logging.log4j:log4j-api" | |||
| api "org.apache.logging.log4j:log4j-core" | |||
There was a problem hiding this comment.
@NoodleCookie hello!
Thank you again for your PR.
Just to confirm, the constraints Gradle clause defined below does not fetch the log4j-api and log4j-core JARs? Is this what you are observing? I was under the impression that this should work: https://docs.gradle.org/7.3/userguide/dependency_constraints.html#sec:adding-constraints-transitive-deps but you are seeing otherwise?
There was a problem hiding this comment.
Hello! First of all thank you for your reply.
In my observation, it did not fetch the JARs.
I hope this helps clarify the issue, the workflow I was executing:
- docker build --rm --no-cache -t stubby4j:latest docker/
- I used the docker-compose.yml in https://stubby4j.com like:
version: '3.5'
services:
stubby4j-jre11:
# 'root' - so that stubby4j can write 'logs' into host machine's directory mapped to container volume
user: root
image: stubby4j:latest
volumes:
- "./yaml:/home/stubby4j/data"
container_name: stubby4j_jre11
ports:
- 8884:8884
- 8891:8891
- 7445:7445
environment:
YAML_CONFIG: smoke-tests-stubs.yaml
LOCATION: 0.0.0.0
STUBS_PORT: 8884
ADMIN_PORT: 8891
STUBS_TLS_PORT: 7445
# https://stubby4j.com/#command-line-switches
WITH_ARGS: "--enable_tls_with_alpn_and_http_2 --debug --watch --keystore data/key.pkcs12 --password 123456"- but container's log alert that "stubby4j_jre11 | ERROR StatusLogger Log4j2 could not find a logging implementation. Please add log4j-core to the classpath. Using SimpleLogger to log to the console..."
So I think it did not fetch the jars, and log file created when I add the dependencies.
I also do not quite understand why constrains here does not work as described in the documentation https://docs.gradle.org/7.3/userguide/dependency_constraints.html#sec:adding-constraints-transitive-deps .
There was a problem hiding this comment.
@NoodleCookie thanks for the confirmation!
Could I ask you to export another commit to the current PR:
- Let's get rid of the two
constraints {..}clauses - Please add
${log4j2Version}to theapiimports you have added. i.e.:
api "org.apache.logging.log4j:log4j-api:${log4j2Version}"
api "org.apache.logging.log4j:log4j-core:${log4j2Version}"
There was a problem hiding this comment.
@azagniotov Thank you for your timely reply. I have revised and verified this PR, it seems to be working.
|
@NoodleCookie I merged. The I will update version specific Docker images next week by cherry-picking your commit. Thanks! |
This pr is aim to add log4j to classpath.