Hi, Everyone.
Anyone has the same issue with me? I’m currently using Sonarqube 8-community, we were required by our Devops manager to upgrade it or remove the vulnerability related to log4j.
We mitigated the issue using removal of log4j in the Jndilookup class. Sonarqube is working as expected after it.
Just this month, sonarqube started to fail, it keeps on restarting with the message below.
Here is our docker-compose yaml file.
[root@apa-gittst-01 sonarqube]# cat docker-compose.yml
version: ‘3.3’
services:
postgresql:
image: postgres
restart: always
volumes:
- $PWD/db:/var/lib/postgresql/data
environment:
POSTGRES_USER: sonar
POSTGRES_PASSWORD: sonar
volumes:
- ./postgresql:/var/lib/postgresql
- ./postgresql_data:/var/lib/postgresql/data
sonarqube:
image: sonarqube:8-community
restart: always
ports:
- 9000:9000
- 9092:9092
volumes:
- ./sonarqube_conf:/opt/sonarqube/conf
- ./sonarqube_data:/opt/sonarqube/data
- ./sonarqube_extensions:/opt/sonarqube/extensions
- ./sonarqube_bundled-plugins:/opt/sonarqube/lib/bundled-plugins
environment:
SONARQUBE_JDBC_USERNAME: sonar
SONARQUBE_JDBC_PASSWORD: sonar
SONARQUBE_JDBC_URL: jdbc:postgresql://postgresql/sonar
depends_on:
- postgresql
adminer:
image: adminer
restart: always
ports:
- 7070:8080
links:
- postgresql:db
depends_on:
- postgresql
14:32:21.692 [main] WARN org.sonar.application.config.AppSettingsLoaderImpl - Configuration file not found: /opt/sonarqube/conf/sonar.properties
2022.06.20 14:32:21 INFO app[][o.s.a.AppFileSystem] Cleaning or creating temp directory /opt/sonarqube/temp
2022.06.20 14:32:21 INFO app[][o.s.a.es.EsSettings] Elasticsearch listening on /127.0.0.1:9001
2022.06.20 14:32:22 INFO app[][o.s.a.ProcessLauncherImpl] Launch process[[key='es', ipcIndex=1, logFilenamePrefix=es]] from [/opt/sonarqube/elasticsearch]: /opt/sonarqube/elasticsearch/bin/elasticsearch
2022.06.20 14:32:22 INFO app[][o.s.a.SchedulerImpl] Waiting for Elasticsearch to be up and running
2022.06.20 14:32:22 INFO app[][o.e.p.PluginsService] no modules loaded
2022.06.20 14:32:22 INFO app[][o.e.p.PluginsService] loaded plugin [org.elasticsearch.transport.Netty4Plugin]
OpenJDK 64-Bit Server VM warning: Option UseConcMarkSweepGC was deprecated in version 9.0 and will likely be removed in a future release.
Exception in thread "main" java.lang.NoClassDefFoundError: org/apache/logging/log4j/core/config/properties/PropertiesConfigurationFactory
at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:91)
Caused by: java.lang.ClassNotFoundException: org.apache.logging.log4j.core.config.properties.PropertiesConfigurationFactory
at java.base/jdk.internal.loader.BuiltinClassLoader.loadClass(Unknown Source)
at java.base/jdk.internal.loader.ClassLoaders$AppClassLoader.loadClass(Unknown Source)
at java.base/java.lang.ClassLoader.loadClass(Unknown Source)
... 1 more
2022.06.20 14:32:23 WARN app[][o.s.a.p.AbstractManagedProcess] Process exited with exit value [es]: 1
2022.06.20 14:32:23 INFO app[][o.s.a.SchedulerImpl] Process[es] is stopped
2022.06.20 14:32:23 INFO app[][o.s.a.SchedulerImpl] SonarQube is stopped
Any help will be appreciated. Thanks!