Uploaded image for project: 'Dev - Nexus Repo'
  1. Dev - Nexus Repo
  2. NEXUS-9872

misconfigured docker proxy URL should log more details about critical failures at default log levels

    XMLWordPrintable

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 3.0.0-m7
    • Fix Version/s: 3.3.1
    • Component/s: Docker, Logging
    • Labels:
    • Story Points:
      1
    • Sprint:
      Formats/Core Team - Sprint 92, Formats/Core Team - Sprint 93

      Description

      Create a Docker proxy repository using https://registry.hub.docker.com instead of https://registry-1.docker.io .

      Do a pull with docker and the nexus.log will contain some WARN messages that are not helpful to understand what is wrong.

      2016-02-29 16:08:38,091-0400 WARN  [qtp454729937-1139] *UNKNOWN org.sonatype.nexus.repository.docker.internal.V1Handlers - Error: GET /v1/repositories/library/centos/tags/latest: 400 - org.sonatype.nexus.repository.docker.internal.V1Exception$InvalidJson: Invalid data
      2016-02-29 16:08:38,095-0400 WARN  [qtp454729937-1139] *UNKNOWN org.sonatype.nexus.repository.docker.internal.V1Handlers - Error: GET /v1/repositories/library/centos/tags/latest: 404 - org.sonatype.nexus.repository.docker.internal.V1Exception$TagNotFound: Tag not found
      2016-02-29 16:08:38,095-0400 WARN  [qtp454729937-1139] *UNKNOWN org.sonatype.nexus.repository.docker.internal.V1Handlers - Error: GET /v1/repositories/library/centos/tags/latest: 404 - org.sonatype.nexus.repository.docker.internal.V1Exception$TagNotFound: Tag not found
      

      The Docker client merely reports the image is not found.

      $ docker pull nexus.sonatype-support.com:19401/centos
      Using default tag: latest
      Pulling repository nexus.sonatype-support.com:19401/centos
      Tag latest not found in repository nexus.sonatype-support.com:19401/centos
      

      Now change the ROOT logger to DEBUG in nexus and you get more exact information that the remote content is not in the expected format, albeit the error is still obfuscated even for a nexus administrator:

      2016-02-29 16:01:03,500-0400 DEBUG [qtp454729937-887] *UNKNOWN org.sonatype.nexus.repository.cache.NegativeCacheFacetImpl - Removing PathNegativeCacheKey{path='/v1/repositories/centos/images'} from negative-cache of RepositoryImpl$$EnhancerByGuice$$733028cc{type=proxy, format=docker, name='docker-hub'}
      2016-02-29 16:01:03,501-0400 WARN  [qtp454729937-887] *UNKNOWN com.orientechnologies.orient.core.serialization.serializer.record.binary.ORecordSerializerBinary - Error deserializing record with id #11:57 send this data for debugging: AAphc3NldC0AAAA6LwAAADwxAAAAQysAAABJNwAAAAABAAABsTkAAAHXOwAAAdo9AAAB5T8AAAJAABIQDGRvY2tlco6o9enlVAgHCmNhY2hlAAAAgAwHEGNoZWNrc3VtAAAAmwwHDmNvbnRlbnQAAAEfDAcMZG9ja2VyAAABOgwCBxpsYXN0X3ZlcmlmaWVkAAAAlQbWqODp5VQEBwhzaGExAAAAtAcHDHNoYTI1NgAAAN0HUDNkZTQ5MTU3MGQ3YTQ4NDNjZDFjOGQzYTZiZTUwOGJkODZhMGU4NGOAATI5MjM5MTIxNjYwMjYzZGM3NDU5MDkxZmZiMzg5OThmNjAyMThhNmFkMjBjOGZhODQ5ZmEzOTUxYjM1NTU5Y2YCBxpsYXN0X21vZGlmaWVkAAABNAbEqeDp5VQEBxxjb250ZW50X2RpZ2VzdAAAAWEHBxRhc3NldF9raW5kAAABqgeOAXNoYTI1NjoyOTIzOTEyMTY2MDI2M2RjNzQ1OTA5MWZmYjM4OTk4ZjYwMjE4YTZhZDIwYzhmYTg0OWZhMzk1MWIzNTU1OWNmDElNQUdFU0p2MS9yZXBvc2l0b3JpZXMvbGlicmFyeS9jZW50b3MvaW1hZ2Vztr0BFHRleHQvcGxhaW6yAWRlZmF1bHRARDg5M0U2MEMtOUY0MTc5ODEtMEI4NDAxNEQtOTlFODhGQ0UtQjY5NkU2NDE6OGZiOWEyNTEtNDYwMi00N2M2LThiN2YtN2MwMTM5NzU5YzIzjqj16eVU 
      SLF4J: Failed toString() invocation on an object of type [org.sonatype.nexus.repository.view.Response]
      com.orientechnologies.orient.core.exception.ODatabaseException: Database instance is not set in current thread. Assure to set it with: ODatabaseRecordThreadLocal.INSTANCE.set(db);
      	at com.orientechnologies.orient.core.db.ODatabaseRecordThreadLocal.get(ODatabaseRecordThreadLocal.java:51)
      	at com.orientechnologies.orient.core.record.ORecordAbstract.getDatabase(ORecordAbstract.java:240)
      	at com.orientechnologies.orient.core.record.impl.ODocument.getGlobalPropertyById(ODocument.java:2155)
      	at com.orientechnologies.orient.core.record.impl.ODocumentInternal.getGlobalPropertyById(ODocumentInternal.java:60)
      	at com.orientechnologies.orient.core.serialization.serializer.record.binary.ORecordSerializerBinaryV0.getGlobalProperty(ORecordSerializerBinaryV0.java:280)
      
      

      Problem

      For unexpected conditions, Nexus WARN level nexus.log message is not providing enough detail at default log levels in order to diagnose the real problem. This leads to a support ticket and investigation.

      Expected

      When the configured Docker registry URL does not respond in the expected manner according to the supported API, then Nexus should log a more exact WARN level message with stack trace or better summary message describing the problem.

      WARN or ERROR Log messages about critical failures should not merely repeat what a client tool message already explains.

      Note that https://registry.hub.docker.com is NOT a valid endpoint for supported API

      Suggested log message instead of "Tag not found" or "invalid data" when the remote does not return valid data:

      log.warn("Is the remote url a valid {} endpoint? Remote URL {} did not return the expected API response: {}", "docker", absolute_remote_URL, exception.getMessage());
      

      It is debateable, that a 500 error be returned to the client instead of 404 when Nexus is knowingly misconfigured. However it is standard practice that when Nexus cannot find content for whatever reason, it returns 404. ( the fix keeps 404 being returned )

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              cpeters Collin Peters
              Reporter:
              plynch Peter Lynch
              Last Updated By:
              Peter Lynch
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:
                Date of First Response:

                  tigCommentSecurity.panel-title