Issue:When a user tries to create a new instance using the AMI provided for TIBCO JasperReports® Server version 7.5.x and this instance is launched, the following errors were observed during the deployment as captured in the catalina log : | [toc] |
16-Sep-2021 00:37:11.010 INFO [main] org.apache.catalina.core.StandardEngine.startInternal Starting Servlet engine: [Apache Tomcat/8.5.69] 16-Sep-2021 00:37:11.063 INFO [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployDirectory Deploying web application directory [/var/lib/tomcat8/webapps/jasperserver-pro] 16-Sep-2021 00:37:41.631 SEVERE [localhost-startStop-1] org.apache.catalina.core.ContainerBase.addChildInternal ContainerBase.addChild: start: org.apache.catalina.LifecycleException: Failed to start component [StandardEngine[Catalina].StandardHost[localhost].StandardContext[/jasperserver-pro]] at org.apache.catalina.util.LifecycleBase.handleSubClassException(LifecycleBase.java:440) at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:198) at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:755) ... Caused by: java.lang.StringIndexOutOfBoundsException: String index out of range: -28 at java.lang.String.substring(String.java:1931) at org.apache.catalina.webresources.DirResourceSet.listWebAppPaths(DirResourceSet.java:175) at org.apache.catalina.webresources.StandardRoot.listWebAppPaths(StandardRoot.java:148) ...
The Tomcat server failed to start successfully and users are unable to access the TIBCO JasperReports® Server login page.
Solution:
For TIBCO Jaspersoft® for AWS 7.5.*, the default version of installed Tomcat is 8.5.51. Amazon marked this version as a security vulnerable and added 8.5.69 in the AWS repository. When a user launches the instance on AWS, AWS checks the installed packages for vulnerabilities and if any is found, those packages will be updated. In this case, the Tomcat version is getting updated to the latest available version of 8.5 which is currently 8.5.69. However, this particular Tomcat version has a regression defect causing the above described issue.
The specific regression in Tomcat 8.5.69 is:
- Bug 65397 - NullPointerException during jar scanning with jar symlinked into WEB-INF/lib
which is subsequently fixed in 8.5.70 onwards through the following bug :
Bug 65433 - Possible StringIndexOutOfBoundsException for symlinks in DirResourceSet.listWebAppPaths
"Correct a regression in the fix for 65397 where a StringIndexOutOfBoundsException could be triggered if the canonical path of the target of a symlink was shorter than the canonical path of the directory in which the symlink had been created. Patch provided by Cedomir Igaly. (markt)"
Upgrading to Tomcat 8.5.70+ is a possible workaround option but taking into consideration that this version is not currently available in the AWS repository, it would require more manual steps to download the version directly from Apache website prior to installing. Instead, TIBCO Engineering has decided on planning to update the 7.5.x AMIs with a previous release of Tomcat 8.5.63 which does not seem to be marked for security vulnerability by Amazon. Until the AMIs are updated, the recommendation is to follow the workaround below to manually downgrade Tomcat to 8.5.63 which will bring the version of Tomcat in-line with the version that is planned.
Workaround:
Important: Take a backup of Tomcat and the Database
Option 1. Manually remove tomcat 8.5.69 and install 8.5.63
ssh into the instance and run the commands below:
sudo su service tomcat8 stop && yum erase tomcat8* -y && yum install tomcat8-8.5.63-1.87.amzn1.noarch -y && cat /etc/jasperserver/tomcat8.config >> /etc/tomcat8/tomcat8.conf && sed -i 's/8080/80/g' /etc/tomcat8/server.xml && sed -i 's~TOMCAT_SCRIPT="/usr/sbin/tomcat8"TOMCAT_SCRIPT="exec /usr/local/bin/authbind --deep /usr/sbin/tomcat8"' /etc/init.d/tomcat8 && chown -R tomcat:tomcat /usr/share/tomcat8 && chown -R tomcat:tomcat /var/lib/tomcat8 && chkconfig --add tomcat8 && chkconfig tomcat8 on && service tomcat8 start
Option 2. If using the Cloud Formation Template (CFT) for deployment
Update the template with two changes as highlighted in the screenshots below:
Image 1:
Image 2:
Note: The changes should work for Byol, Hourly or MT Hourly templates. Please find attached the BYOL Cluster Template for reference.
Recommended Comments
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now