Uploaded image for project: 'Dev - Nexus Repo'
  1. Dev - Nexus Repo
  2. NEXUS-13046

Nexus 3 upgrade agent http client applies Nexus 2 server HTTP proxy server configuration on the fly possibly failing upgrade

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Won't Fix
    • Affects Version/s: 3.3.0
    • Fix Version/s: None
    • Component/s: Migration
    • Labels:

      Description

      Nexus 3 uses HTTP requests to Nexus 2 during an upgrade.

      A requirement is that Nexus 3 must be able to resolve the Nexus 2 host name without an HTTP proxy server involved. Although, some users may have preconfigured Nexus 3 with HTTP Proxy server settings in order to reach Nexus 2 during the upgrade in order to work around that requirement.

      Additionally some users may migrate repositories piecemeal, or choose not to migrate Nexus 2 configuration, intermingling these disparate migrations with HTTP proxy settings which are fundamentally different from Nexus 2 and wish to never overwrite these general Nexus 3 server settings already configured.

      Reproduce

      1. Configure nexus 2 with HTTP Proxy server settings which do not include the Nexus 2 hostname under the non-proxy hosts list
      2. Start Nexus 3 upgrade agent using the Nexus 2 host name / base url
      3. During migration of configuration, the HTTP proxy server settings from Nexus 2 get applied in real time to the Nexus 3 HTTP migration client that is used to send migration related requests to Nexus 2.
      4. If the HTTP Proxy server configuration that was migrated does not include the Nexus 2 host name/IP address as part of it's non-proxy hosts list, then some migration related requests can fail going through the HTTP proxy, most commonly with 403 from the HTTP proxy server itself.

      Diagnosis

      Nexus 2.x request.log is missing all the expected /service/siesta/migrationagent requests, because some were routed through the HTTP proxy server and were stopped there.

      Nexus 3 nexus.log may report status codes for migration requests that are not present in the Nexus 2 request.log - for example:

      2017-04-26 13:15:39,132-0400 WARN  [plan-executor-6-thread-2] admin com.sonatype.nexus.migration.config.ConfigurationStep - Upgrade configuration: capability.iq failed
      javax.ws.rs.ForbiddenException: HTTP 403 Forbidden
      	at org.jboss.resteasy.client.jaxrs.internal.ClientInvocation.handleErrorStatus(ClientInvocation.java:216) [org.sonatype.nexus.siesta:3.3.0.01]
      	at org.jboss.resteasy.client.jaxrs.internal.ClientInvocation.extractResult(ClientInvocation.java:189) [org.sonatype.nexus.siesta:3.3.0.01]
      	at org.jboss.resteasy.client.jaxrs.internal.proxy.extractors.BodyEntityExtractor.extractEntity(BodyEntityExtractor.java:60) [org.sonatype.nexus.siesta:3.3.0.01]
      	at org.jboss.resteasy.client.jaxrs.internal.proxy.ClientInvoker.invoke(ClientInvoker.java:107) [org.sonatype.nexus.siesta:3.3.0.01]
      	at org.jboss.resteasy.client.jaxrs.internal.proxy.ClientProxy.invoke(ClientProxy.java:76) [org.sonatype.nexus.siesta:3.3.0.01]
      	at com.sun.proxy.$Proxy240.get(Unknown Source) [na:na]
      	at com.sonatype.nexus.migration.config.ConfigurationIngesterSupport$Endpoint$get$0.call(Unknown Source) [na:na]
      	at com.sonatype.nexus.migration.config.ConfigurationIngesterSupport.get(ConfigurationIngesterSupport.groovy:71) [com.sonatype.nexus.plugins.nexus-migration-plugin:3.3.0.01]
      	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [na:1.8.0_121]
      	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) [na:1.8.0_121]
      	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [na:1.8.0_121]
      	at java.lang.reflect.Method.invoke(Method.java:498) [na:1.8.0_121]
      	at org.codehaus.groovy.runtime.callsite.PogoMetaMethodSite$PogoCachedMethodSiteNoUnwrapNoCoerce.invoke(PogoMetaMethodSite.java:210) [groovy-all:2.4.7]
      	at org.codehaus.groovy.runtime.callsite.PogoMetaMethodSite.callCurrent(PogoMetaMethodSite.java:59) [groovy-all:2.4.7]
      	at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCallCurrent(CallSiteArray.java:52) [groovy-all:2.4.7]
      	at org.codehaus.groovy.runtime.callsite.AbstractCallSite.callCurrent(AbstractCallSite.java:154) [groovy-all:2.4.7]
      	at org.codehaus.groovy.runtime.callsite.AbstractCallSite.callCurrent(AbstractCallSite.java:166) [groovy-all:2.4.7]
      	at com.sonatype.nexus.migration.config.ingesters.ClmIngester.ingest(ClmIngester.groovy:66) [com.sonatype.nexus.plugins.nexus-migration-plugin:3.3.0.01]
      	at com.sonatype.nexus.migration.config.ConfigurationIngester$ingest.call(Unknown Source) [na:na]
      	at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCall(CallSiteArray.java:48) [groovy-all:2.4.7]
      	at com.sonatype.nexus.migration.config.ConfigurationIngester$ingest.call(Unknown Source) [na:na]
      	at com.sonatype.nexus.migration.config.ConfigurationStep.doRun(ConfigurationStep.groovy:62) [com.sonatype.nexus.plugins.nexus-migration-plugin:3.3.0.01]
      	at com.sonatype.nexus.migration.plan.Step.run(Step.groovy:271) [com.sonatype.nexus.plugins.nexus-migration-plugin:3.3.0.01]
      	at com.sonatype.nexus.migration.plan.Step$run$1.call(Unknown Source) [na:na]
      	at com.sonatype.nexus.migration.plan.StepExecutor.runSync(StepExecutor.groovy:168) [na:na]
      	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [na:1.8.0_121]
      	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) [na:1.8.0_121]
      	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [na:1.8.0_121]
      	at java.lang.reflect.Method.invoke(Method.java:498) [na:1.8.0_121]
      	at org.codehaus.groovy.reflection.CachedMethod.invoke(CachedMethod.java:93) [na:na]
      	at groovy.lang.MetaMethod.doMethodInvoke(MetaMethod.java:325) [groovy-all:2.4.7]
      	at org.codehaus.groovy.runtime.metaclass.ClosureMetaClass.invokeMethod(ClosureMetaClass.java:384) [groovy-all:2.4.7]
      	at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:1024) [groovy-all:2.4.7]
      	at org.codehaus.groovy.runtime.callsite.PogoMetaClassSite.callCurrent(PogoMetaClassSite.java:69) [groovy-all:2.4.7]
      	at org.codehaus.groovy.runtime.callsite.AbstractCallSite.callCurrent(AbstractCallSite.java:166) [groovy-all:2.4.7]
      	at com.sonatype.nexus.migration.plan.StepExecutor$_runAsync_closure1.doCall(StepExecutor.groovy:197) [com.sonatype.nexus.plugins.nexus-migration-plugin:3.3.0.01]
      	at com.sonatype.nexus.migration.plan.StepExecutor$_runAsync_closure1.doCall(StepExecutor.groovy) [com.sonatype.nexus.plugins.nexus-migration-plugin:3.3.0.01]
      	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [na:1.8.0_121]
      	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) [na:1.8.0_121]
      	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [na:1.8.0_121]
      	at java.lang.reflect.Method.invoke(Method.java:498) [na:1.8.0_121]
      	at org.codehaus.groovy.reflection.CachedMethod.invoke(CachedMethod.java:93) [na:na]
      	at groovy.lang.MetaMethod.doMethodInvoke(MetaMethod.java:325) [groovy-all:2.4.7]
      	at org.codehaus.groovy.runtime.metaclass.ClosureMetaClass.invokeMethod(ClosureMetaClass.java:294) [groovy-all:2.4.7]
      	at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:1024) [groovy-all:2.4.7]
      	at groovy.lang.Closure.call(Closure.java:414) [groovy-all:2.4.7]
      	at groovy.lang.Closure.call(Closure.java:408) [groovy-all:2.4.7]
      	at groovy.lang.Closure.run(Closure.java:495) [groovy-all:2.4.7]
      	at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) [na:1.8.0_121]
      	at java.util.concurrent.FutureTask.run(FutureTask.java:266) [na:1.8.0_121]
      	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) [na:1.8.0_121]
      	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) [na:1.8.0_121]
      	at java.lang.Thread.run(Thread.java:745) [na:1.8.0_121]
      

      Workaround

      Prior to migration, configure Nexus 2 proxy settings with the Nexus 2 hostname in the non-proxy hosts list. When the configuration is dynamically applied to Nexus 3, the requests going out to Nexus 2 will bypass the HTTP proxy server and continue to work.

      Expected

      The HTTP client used by the migration agent should be independent of any Nexus 2 specific migrated HTTP client settings.

      The use case of going through an HTTP proxy for migration purposes is not expected to be a common case. If it is, then users should work with their HTTP proxy and network administrators to ensure that Nexus 3 can successfully route requests to Nexus 2 using proxy settings as defined in Nexus 2.

        Attachments

          Activity

            People

            Assignee:
            Unassigned Unassigned
            Reporter:
            plynch Peter Lynch
            Last Updated By:
            Peter Lynch Peter Lynch
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:
              Date of First Response:

                tigCommentSecurity.panel-title