Logstash: Running Logstash under Java 11 results in warnings about 'illegal reflective access'

Created on 26 Feb 2019  路  9Comments  路  Source: elastic/logstash

When running Logstash 6.7.0 Build Candidate with OpenJDK Java 11, warnings about IllegalReflectiveAccess are displayed:

WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by org.jruby.util.SecurityHelper (file:/Users/robbavey/test/6.7.0bc3/logstash-6.7.0/logstash-core/lib/jars/jruby-complete-9.2.6.0.jar) to field java.lang.reflect.Field.modifiers
WARNING: Please consider reporting this to the maintainers of org.jruby.util.SecurityHelper
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release```

This appears to be related to a known issue in JRuby.

This comment describes a mitigation to avoid the warnings. Adding the following to jvm.options (caveat: only tested with a very simple pipeline) will allow Logstash to start without warning in Java 11, but prevents Logstash from starting up on Java 8:

--add-opens=java.base/java.lang=ALL-UNNAMED 
--add-opens=java.base/java.security=ALL-UNNAMED 
--add-opens=java.base/java.util=ALL-UNNAMED 
--add-opens=java.base/java.security.cert=ALL-UNNAMED 
--add-opens=java.base/java.util.zip=ALL-UNNAMED 
--add-opens=java.base/java.lang.reflect=ALL-UNNAMED 
--add-opens=java.base/java.util.regex=ALL-UNNAMED 
--add-opens=java.base/java.net=ALL-UNNAMED 
--add-opens=java.base/java.io=ALL-UNNAMED 
--add-opens=java.base/java.lang=ALL-UNNAMED
--add-opens=java.base/javax.crypto=ALL-UNNAMED
--add-opens=java.management/sun.management=ALL-UNNAMED
Java 11 Support
Source
picture robbavey
👍9

Most helpful comment

That's not working for me, and also adding --add-opens=java.base/sun.nio.ch=org.jruby.dist still doesn't do the trick, I get:

WARNING: Unknown module: org.jruby.dist specified to --add-opens

picture yagodorea on 12 Jun 2020
👍2

All 9 comments

Thanks for raising this @robbavey, if it makes a difference, this also impacts Logstash 7.1.0 running under Java 11

rwaight picture rwaight on 20 May 2019
👍1

@karenzone Note to self: Track this issue for other impacts.

karenzone picture karenzone on 22 May 2019

@karenzone also impacts Logstash 7.3.0

alilland picture alilland on 18 Sep 2019
👍1

Note to self: Known JRuby issue referenced earlier has been closed.

RELATED DOCS PR: #10498

karenzone picture karenzone on 19 Sep 2019

Documented in #11152 per issue #10498.

karenzone picture karenzone on 19 Sep 2019

The following line needs to be added to the documentation:

--add-opens=java.base/sun.nio.ch=org.jruby.dist

knutster picture knutster on 13 Feb 2020

That's not working for me, and also adding --add-opens=java.base/sun.nio.ch=org.jruby.dist still doesn't do the trick, I get:

WARNING: Unknown module: org.jruby.dist specified to --add-opens

yagodorea picture yagodorea on 12 Jun 2020
👍2

In case you need to open more access, here's a command to find which module provides which package ->

java --list-modules | tr @ " " | awk '{ print $1 }' | xargs -n1 java -d

the name of the module will be shown with the @ while the name of the packages without it

NOTE: tested with JDK 11

IMPORTANT: obviously is better than the provider of the package does not do the illegal access inf the first place

csaltos picture csaltos on 29 Jun 2020

@yagodorea I have the same issue.

Also, for some reason I'm also getting [ERROR][logstash.config.sourceloader] No configuration found in the configured sources. even though the conf file is in the path I specified. It works fine if I move the conf file to /etc/logstash/conf.d/ :(

dwasss picture dwasss on 7 Nov 2020
👍1
Was this page helpful?
0 / 5 - 0 ratings

Related issues

packetrevolt picture packetrevolt  路  3Comments
bertramn picture bertramn  路  3Comments
amodakvnera picture amodakvnera  路  3Comments
max-wittig picture max-wittig  路  4Comments
cschotke picture cschotke  路  3Comments