Uploaded image for project: 'Dev - Nexus Repo'
  1. Dev - Nexus Repo
  2. NEXUS-6655

No retry when PGP host is unavailable

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Out of scope
    • Affects Version/s: 2.7.2
    • Fix Version/s: None
    • Component/s: Staging, Transport
    • Labels:
      None
    • Environment:
      Ubuntu 12.04 running in VMware

      Description

      By default, Nexus uses the following key pool as its PGP server:
      http://pool.sks-keyservers.net:11371

      As demonstrated below, this resolves to different hosts:

      $ host pool.sks-keyservers.net
      pool.sks-keyservers.net has address 162.243.93.15
      pool.sks-keyservers.net has address 173.175.198.28
      pool.sks-keyservers.net has address 178.250.210.95
      pool.sks-keyservers.net has address 188.40.206.8
      pool.sks-keyservers.net has address 192.71.151.126
      pool.sks-keyservers.net has address 193.224.163.43
      pool.sks-keyservers.net has address 198.128.3.63
      pool.sks-keyservers.net has address 208.89.139.251
      pool.sks-keyservers.net has address 91.205.174.236
      pool.sks-keyservers.net has address 131.155.141.70
      pool.sks-keyservers.net has IPv6 address 2a01:4f8:192:806c::2
      pool.sks-keyservers.net has IPv6 address 2a01:4f8:d13:a85::2
      pool.sks-keyservers.net has IPv6 address 2a03:580:f001:103::2
      pool.sks-keyservers.net has IPv6 address 2001:67c:26b4::2c6b
      pool.sks-keyservers.net has IPv6 address 2001:6f8:124e::1
      pool.sks-keyservers.net has IPv6 address 2001:718:1e03:801::17
      pool.sks-keyservers.net has IPv6 address 2001:41d0:1:bc3e::1
      pool.sks-keyservers.net has IPv6 address 2001:41d0:8:44d7::1:1
      pool.sks-keyservers.net has IPv6 address 2405:1000:10:309::101
      pool.sks-keyservers.net has IPv6 address 2a00:b9c0:e::4
      

      We've found that sometimes Nexus will fail a closing staging repository because one of the selected hosts is unreachable. Performing the close again will succeed, because another host is usually selected.

      Can we make Nexus retry connection to the PGP server on failure? Optimally, the retry should include another DNS lookup.

      This doesn't happen that often (order of 1/100, maybe?) but it is causing failing tests in CI. We can use a workaround for now.

      Thanks!

        Attachments

          Activity

            People

            Assignee:
            Unassigned
            Reporter:
            tcinel Tim Cinel
            Last Updated By:
            Peter Lynch
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:
              Date of First Response:

                tigCommentSecurity.panel-title