Uploaded image for project: 'Jira Data Center'
  1. Jira Data Center
  2. JRASERVER-72717

Jira should remove old jar files of plugins from the shared home as part of an upgrade task when using ZDU

    • 49
    • We collect Jira feedback from various sources, and we evaluate what we've collected when planning our product roadmap. To understand how this piece of feedback will be reviewed, see our Implementation of New Features Policy.

      Problem Definition

      Plugins jar files that are used by Jira Data Center are located in <jira-shared-home>/plugins/installed-plugins folder.
      The jar files located there are copied to each node during startup to the plugins cache.

      During zero downtime upgrades (ZDU), Jira won't delete old files from the <jira-shared-home>/plugins/installed-plugins, since other nodes may still use these files.
      During startup you may notice entries in the atlassian-jira.log similar to the below:

      2021-08-17 17:01:20,480-0300 localhost-startStop-1 INFO      [c.a.j.application.install.PluginBundleInstaller] Application plugin '/shared-home/plugins/installed-plugins/jira-transition-triggers-plugin-8.5.9.jar' is currently locked by an in-progress Zero Downtime Upgrade, skipping clean up of old version
      

      If you rely on ZDU since it was introduced, you may have more than 5 jar files of the same plugin on <jira-shared-home>/plugins/installed-plugins which are copied to each node during startup.

      Suggested Solution

      On ZDU, upgrade tasks are executed after all nodes are on the target version.
      There should be an upgrade task to delete old files from <jira-shared-home>/plugins/installed-plugins, keeping only current ones.

      Workaround

      Review files <jira-shared-home>/plugins/installed-plugins folder and manually delete the old (duplicates) jar files.
      Perform a rolling restart, clearing the plugins cache on each node.

      Run the following on each node.

      1. Stop Jira following your standard procedure.
      2. Delete the following folders.
        <jira-local-home>/plugins/.bundled-plugins
        <jira-local-home>/plugins/.osgi-plugins
        
      3. Start Jira following your standard procedure.

          Form Name

            [JRASERVER-72717] Jira should remove old jar files of plugins from the shared home as part of an upgrade task when using ZDU

            This issue is one of the reasons why security scans still report CVEs in libraries even after an instance was successfully patched / upgraded.

            Tim Eddelbüttel added a comment - This issue is one of the reasons why security scans still report CVEs in libraries even after an instance was successfully patched / upgraded.

            Craig Castle-Mead added a comment - - edited

            Use the below at your own peril - however if you're running *nix, these may be helpful to remove everything older than the current and new versions, Run without the -delete flag to sanity check the output

            If anyone has any smart ways to remove all the older versions of other plugins (that have a variety of naming conventions/version numbers), it'd be great if you could share

            # Jira Software, assumes you're upgrading from 8.20.12 to 8.20.15 - change these values to suit your current/new version
            find . -name 'jira-software-*' ! -name '*8.20.12*' ! -name '*8.20.15*' ! -name '*language*' -delete
            
            # JSD/JSM , assumes you're upgrading from 4.20.12 to 4.20.15 - change these values to suit your current/new version
            find . -name 'servicedesk-*' ! -name '*4.20.12*' ! -name '*4.20.15*' -delete
            find . -name 'jira-servicedesk-*' ! -name '*4.20.12*' ! -name '*4.20.15*' -delete
            
            

            Craig Castle-Mead added a comment - - edited Use the below at your own peril - however if you're running *nix, these may be helpful to remove everything older than the current and new versions, Run without the -delete flag to sanity check the output If anyone has any smart ways to remove all the older versions of other plugins (that have a variety of naming conventions/version numbers), it'd be great if you could share # Jira Software, assumes you're upgrading from 8.20.12 to 8.20.15 - change these values to suit your current/ new version find . -name 'jira-software-*' ! -name '*8.20.12*' ! -name '*8.20.15*' ! -name '*language*' -delete # JSD/JSM , assumes you're upgrading from 4.20.12 to 4.20.15 - change these values to suit your current/ new version find . -name 'servicedesk-*' ! -name '*4.20.12*' ! -name '*4.20.15*' -delete find . -name 'jira-servicedesk-*' ! -name '*4.20.12*' ! -name '*4.20.15*' -delete

              Unassigned Unassigned
              tmasutti Thiago Masutti
              Votes:
              43 Vote for this issue
              Watchers:
              40 Start watching this issue

                Created:
                Updated: