Uploaded image for project: 'Dev - Nexus Repo'
  1. Dev - Nexus Repo
  2. NEXUS-26642

a removed docker asset at a remote will cause an already cached docker asset to be removed from a proxy repository when component age expires

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 3.29.2, 3.31.1
    • Fix Version/s: 3.35.0
    • Component/s: Docker
    • Labels:
    • Story Points:
      5
    • Sprint:
      NXRM MadMax Sprint 17
    • Notability:
      3

      Description

      A general format convention for repository manager is if a remote removes a component that was already cached locally in a proxy repository, then repository manager should not automatically remove the already cached component.

      Repository manager also has facilities to clean up docker components which are not accessed after a period of time.

      However currently, when a docker asset (tag or layer) from a remote registry is removed, this results in the asset no longer being available in the proxy when the proxy makes an outbound request confirming that the remote does not contain the asset.

      Example Reproduce with the removal of a Docker tag

      1. Two Nexus instance. On one instance create a hosted docker repository, on the other create a proxy docker repository to the hosted repo.
      2. Upload an image to the hosted repo.
      3. Pull the image via the proxy repo.
      4. Delete the tag (asset) on the hosted repo.
      5. Invalidate the cache on the proxy repo.
      6. Request/access the tag asset via the proxy.

      The proxy request returns a 404 with:

      {"errors":[{"code":"MANIFEST_UNKNOWN","message":"manifest unknown"...}

      However the tag asset is still listed in the browse UI.

       

      The same can be reproduced with a removal of a layer and in that case a 404 with the following response is returned:

      {"errors":[{"code":"BLOB_UNKNOWN","message":"blob unknown to registry"..}

      Expected

      Do not automatically remove a cached asset when the remote reports it as not available. Instead it will be expected that cleanup policies/tasks will be used to cleanup stale docker assets in the proxy repository.

       

      Workaround 

      Set the "Component Max Age" setting in the proxy repository config to -1. This will prevent Nexus from checking the remote for component changes/updates.

       

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              mpiggott Matthew Piggott
              Reporter:
              hardeepn Hardeep Nagra
              Last Updated By:
              Peter Lynch Peter Lynch
              Team:
              NXRM - Mad Max
              Votes:
              3 Vote for this issue
              Watchers:
              7 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:
                Date of First Response:

                  tigCommentSecurity.panel-title