Details
Description
By default, Nexus uses the following key pool as its PGP server:
http://pool.sks-keyservers.net:11371
As demonstrated below, this resolves to different hosts:
$ host pool.sks-keyservers.net pool.sks-keyservers.net has address 162.243.93.15 pool.sks-keyservers.net has address 173.175.198.28 pool.sks-keyservers.net has address 178.250.210.95 pool.sks-keyservers.net has address 188.40.206.8 pool.sks-keyservers.net has address 192.71.151.126 pool.sks-keyservers.net has address 193.224.163.43 pool.sks-keyservers.net has address 198.128.3.63 pool.sks-keyservers.net has address 208.89.139.251 pool.sks-keyservers.net has address 91.205.174.236 pool.sks-keyservers.net has address 131.155.141.70 pool.sks-keyservers.net has IPv6 address 2a01:4f8:192:806c::2 pool.sks-keyservers.net has IPv6 address 2a01:4f8:d13:a85::2 pool.sks-keyservers.net has IPv6 address 2a03:580:f001:103::2 pool.sks-keyservers.net has IPv6 address 2001:67c:26b4::2c6b pool.sks-keyservers.net has IPv6 address 2001:6f8:124e::1 pool.sks-keyservers.net has IPv6 address 2001:718:1e03:801::17 pool.sks-keyservers.net has IPv6 address 2001:41d0:1:bc3e::1 pool.sks-keyservers.net has IPv6 address 2001:41d0:8:44d7::1:1 pool.sks-keyservers.net has IPv6 address 2405:1000:10:309::101 pool.sks-keyservers.net has IPv6 address 2a00:b9c0:e::4
We've found that sometimes Nexus will fail a closing staging repository because one of the selected hosts is unreachable. Performing the close again will succeed, because another host is usually selected.
Can we make Nexus retry connection to the PGP server on failure? Optimally, the retry should include another DNS lookup.
This doesn't happen that often (order of 1/100, maybe?) but it is causing failing tests in CI. We can use a workaround for now.
Thanks!