Avi-indexer, vCenterMgr processes prior to Avi Loadbalancer 21.1.6 may fail due to use of log4j Java package
search cancel

Avi-indexer, vCenterMgr processes prior to Avi Loadbalancer 21.1.6 may fail due to use of log4j Java package

book

Article ID: 369260

calendar_today

Updated On:

Products

VMware Avi Load Balancer

Issue/Introduction

In versions prior to 21.1.6, some processes in Avi such as the avi-indexer and vCenterManager may fail due to use of log4j Java packages.

These processes may continuously keep restarting and could cause issues in loading the logs/events etc.


The following error logs could be seen in /var/log/upstart/vCenterMgr.log

2024-05-23 12:43:34.651597 Forwarding process event to process event forwarder2024-05-23 12:43:34.656957 Forwarded process event to process event forwarder/run/systemd/system/env/avi-indexer.service.env found, sourcing../run/systemd/system/env/avi-indexer.service.env found, sourcing..Exception in thread "main" java.lang.NoClassDefFoundError: org/apache/logging/log4j/core/config/Configuration#011at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:82)Caused by: java.lang.ClassNotFoundException: org.apache.logging.log4j.core.config.Configuration#011at java.net.URLClassLoader.findClass(URLClassLoader.java:387)#011at java.lang.ClassLoader.loadClass(ClassLoader.java:418)#011at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:352)#011at java.lang.ClassLoader.loadClass(ClassLoader.java:351)#011... 1 more/run/systemd/system/env/avi-indexer.service.env found, sourcing..

 

The following error logs could be seen in /var/log/upstart/avi-indexer.log

2024-05-23 12:41:57.688020 Forwarding process event to process event forwarder2024-05-23 12:41:57.697570 Forwarded process event to process event forwarder/run/systemd/system/env/vcenter-mgr.service.env found, sourcing../run/systemd/system/env/vcenter-mgr.service.env found, sourcing..Exception in thread "main" java.lang.NoClassDefFoundError: org/apache/log4j/Logger#011at com.avinetworks.infrastructure.vcenter.VC_Mgr.<clinit>(VC_Mgr.java:163)Caused by: java.lang.ClassNotFoundException: org.apache.log4j.Logger#011at java.net.URLClassLoader.findClass(URLClassLoader.java:387)#011at java.lang.ClassLoader.loadClass(ClassLoader.java:418)#011at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:352)#011at java.lang.ClassLoader.loadClass(ClassLoader.java:351)#011... 1 more/run/systemd/system/env/vcenter-mgr.service.env found, sourcing..

 

Although these are not part of the vulnerable log4j classes, The Log4j 1.2.x package had reached the End of License.

Resolution


- With the release of Avi 21.1.6 or 22.1.4 and above, dependency on Java based SDK for vcenterMgr has been removed along with the dependency of log4j framework used for logging purpose.

- Customers are strongly advised to upgrade to the latest Avi version, which includes all new features, security patches, and bug fixes

Powered by Wolken Software