incorrect permissions on log4j-core.jar

[fivovic]

Deploying rome.latest fails during the upgrade step due to root:root permissions on /opt/agent/lib/log4j-core.jar:

/opt/agent/logs/dist_upgrade.log.0 shows:

09/05/22 08:34:34 (936)  |  INFO  |  /opt/agent/lib/log4j-core.jar cannot be deleted: /opt/agent/lib/log4j-core.jar (Permission denied)
586706ms left to timeout for deleting files. Retrying in 1000ms...
09/05/22 08:34:35 (937)  |  INFO  |  /opt/agent/lib/log4j-core.jar cannot be deleted: /opt/agent/lib/log4j-core.jar (Permission denied)
585705ms left to timeout for deleting files. Retrying in 1000ms...

Loops for 300s, resulting in container death:

DOCKER MONITOR: /opt/agent/logs/agent0.log.0 last updated 320 sec ago
DOCKER MONITOR: /opt/agent/logs/agent0.log.0 was not updated for 300sec, MID server potentially frozen.
DOCKER MONITOR: Stopping MID server process 1 now!
DOCKER: Stop MID server
ServiceNow MID Server is not running.

Permissions within /opt/agent/lib/:

-rwxr-xr-x.  1 mid  mid    301872 Jul 21 12:39 log4j-api.jar
-rwxr-xr-x.  1 root root  1770485 Jul 30 20:17 log4j-core.jar
-rwxr-xr-x.  1 mid  mid     23702 Jul 21 12:39 log4j-over-slf4j.jar

I suspect line 63 is the cause due to running after a chown -R mid:mid /opt/* on line 33:

docker-mid-server/docker/Dockerfile

Line 63 in a8c0d4b

RUN zip -q -d /opt/agent/lib/log4j-core*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class || true

Adding this line below 63 and rebuilding the image does resolve the issue:

RUN chown mid:mid /opt/agent/lib/log4j-core*.jar

It is likely there is a more elegant solution, but this has worked for us.

[EricTherrien]

Experiencing the same issue with :rome, :sandiego and :tokyo.

Had to install with :quebec to be able to have ServiceNow upgrade to the correct version of the MID server.