jenkins-x-charts / nexus Goto Github PK

Hello,

I have this error when deploying the new nexus image 0.1.26. I think the script disable-anonymous-access.json is missing #49

jenkins-x-nexus-78b48677b8-pg9dw             0/1     PostStartHookError: command '/opt/sonatype/nexus/postStart.sh' exited with 1:   % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   454    0     0  100   454      0   1355 --:--:-- --:--:-- --:--:--  1355
curl: (22) The requested URL returned error: 400 Bad Request
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   458    0     0  100   458      0   5797 --:--:-- --:--:-- --:--:--  5797
curl: (22) The requested URL returned error: 400 Bad Request
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   460    0     0  100   460      0  10222 --:--:-- --:--:-- --:--:-- 10222
curl: (22) The requested URL returned error: 400 Bad Request
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   434    0     0  100   434      0   8857 --:--:-- --:--:-- --:--:--  8680
curl: (22) The requested URL returned error: 400 Bad Request
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   461    0     0  100   461      0  12131 --:--:-- --:--:-- --:--:-- 12131
curl: (22) The requested URL returned error: 400 Bad Request
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   452    0     0  100   452      0  12555 --:--:-- --:--:-- --:--:-- 12555
curl: (22) The requested URL returned error: 400 Bad Request
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   458    0     0  100   458      0   8980 --:--:-- --:--:-- --:--:--  9160
curl: (22) The requested URL returned error: 400 Bad Request
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   449    0     0  100   449      0   2453 --:--:-- --:--:-- --:--:--  2453
curl: (22) The requested URL returned error: 400 Bad Request
cat: /opt/sonatype/nexus/disable-anonymous-access.json: No such file or directory
                                             0       10m

Hello,
the nexus version 3.27 used by the image in chart version 0.1.41, is over 1 year old and contains several vulnerabilities as described in Sonatype's release notes at:
https://help.sonatype.com/repomanager3/release-notes/2021-release-notes
https://help.sonatype.com/repomanager3/release-notes/2020-release-notes

Please upgrade it to use the nexus3 version 3.34.1

Hello developers,

I have a question:

Why are following lines implemented twice ?

RUN chgrp -R 0 /nexus-data RUN chmod -R g+rw /nexus-data RUN find /nexus-data -type d -exec chmod g+x {} +

It is placed in the Dockerfile (which is in my opinion the right place) and in the postStart.sh script.
If it is so would you please delete the lines in the posStart.sh script because the image will not start if you need to run it without a securityContext in a set like a cluster of OpenShift. This is from a security point of view not accepted in OpenShift.

Thank you for your help.

Best regards
Sascha Vujevic

This chart is currently relying on a 10 month old 3.15.1 Nexus version and changes have not been pushed upstream to Helm repo (which is now aligned on Nexus 3.17).
We currently need to align with at least Nexus >= 3.16 (due to https://issues.sonatype.org/browse/NEXUS-19384 and because there are a handful of known CVE for Nexus <= 3.15.x and were wondering how we could do this in a clean way that could hopefully be contributed back.
I do see at least one PR trying to update to a newer version (#34) but tests apparently failed and it did not land.

To help the kubernetes scheduler especially the memory request and limit for nexus should be set. Since the CPU usage typically is low request and limit on cpu is not as important.

I tried out jx last night. While after get all installation done, jenkins complain can't upload artifacts to nexus due to 401 error.

[ERROR] Failed to execute goal org.apache.maven.plugins:maven-deploy-plugin:2.8.2:deploy (default-deploy) on project demo: Failed to deploy artifacts: Could not transfer artifact com.example:demo:jar:0.0.1 from/to local-nexus (http://nexus/repository/maven-releases/): Failed to transfer file: http://nexus/repository/maven-releases/com/example/demo/0.0.1/demo-0.0.1.jar. Return code is: 401, ReasonPhrase: Unauthorized. -> [Help 1]
[ERROR] 

I went to nexus portal and try to login with "admin:admin123", or "admin:rabbitblack", can't login it too.
I'm not sure whether my installation something wrong.
I checked maven settings in here, it should use "admin:admin123", is that correct?

Using:
NAME VERSION
jx 1.1.5
Jenkins X 0.0.348
Kubernetes v1.9.3-gke.0
Helm Client v2.8.1+g6af75a8
Helm Server v2.8.1+g6af75a8
Git git version 2.14.3 (Apple Git-98)

The fix to add jitpack.io as a repo doesn't seem to be working as I didn't get the repo in the latest update.

so that it's easier to add new nexus repositories / proxies, we should move these json file https://github.com/jenkins-x/nexus/tree/master/repositories to helm values.yaml so folks can customise their nexus installation.

Ever since adding resources section from c990966, when creating a new jx cluster, the Nexus Pod stays in ContainerCreating state indefinitely. Removing the resources fixed the issue.

I'm running it in n1-standard-2 nodes (7.5Gi) with auto-scaling so the problem is not in insufficient capacity. On top of the issue, specifying 4Gi initially seems a bit too much. Nexus at rest uses around 1.2Gi. 4Gi probably makes sense only for bigger operations with many artifacts and should probably not be the initial value.

postStart.sh doesn't seem to work with the new image from #48

Pod Events when running kubectl describe pod nexus-nexus-59b75cdd45-79725

  Type     Reason                  Age    From                                                        Message
  ----     ------                  ----   ----                                                        -------
  Normal   Scheduled               7m23s  default-scheduler                                           Successfully assigned jx/nexus-nexus-59b75cdd45-79725 to ip-192-168-23-139.ap-southeast-2.compute.internal
  Normal   SuccessfulAttachVolume  7m21s  attachdetach-controller                                     AttachVolume.Attach succeeded for volume "pvc-4e835d36-71a6-11ea-89cb-06cb35aa5b28"
  Warning  FailedPostStartHook     6m39s  kubelet, ip-192-168-23-139.ap-southeast-2.compute.internal  Exec lifecycle hook ([/opt/sonatype/nexus/postStart.sh]) for Container "nexus" in Pod "nexus-nexus-59b75cdd45-79725_jx(4e897578-71a6-11ea-89cb-06cb35aa5b28)" failed - error: command '/opt/sonatype/nexus/postStart.sh' exited with 22:   % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   273    0     0  100   273      0   7800 --:--:-- --:--:-- --:--:--  7800
curl: (22) The requested URL returned error: 410 Gone
, message: ".....pong\nLogin to nexus succeeded. Default password worked. Updating password if available...\nCreating admin_password repository script\n  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current\n                                 Dload  Upload   Total   Spent    Left  Speed\n\r  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0\r100   273    0     0  100   273      0   7800 --:--:-- --:--:-- --:--:--  7800\ncurl: (22) The requested URL returned error: 410 Gone\n"
  Warning  FailedPostStartHook  6m16s  kubelet, ip-192-168-23-139.ap-southeast-2.compute.internal  Exec lifecycle hook ([/opt/sonatype/nexus/postStart.sh]) for Container "nexus" in Pod "nexus-nexus-59b75cdd45-79725_jx(4e897578-71a6-11ea-89cb-06cb35aa5b28)" failed - error: command '/opt/sonatype/nexus/postStart.sh' exited with 22:   % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   273    0     0  100   273      0   6825 --:--:-- --:--:-- --:--:--  6825
curl: (22) The requested URL returned error: 410 Gone
, message: "....pong\nLogin to nexus succeeded. Default password worked. Updating password if available...\nCreating admin_password repository script\n  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current\n                                 Dload  Upload   Total   Spent    Left  Speed\n\r  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0\r100   273    0     0  100   273      0   6825 --:--:-- --:--:-- --:--:--  6825\ncurl: (22) The requested URL returned error: 410 Gone\n"
  Warning  FailedPostStartHook  5m40s  kubelet, ip-192-168-23-139.ap-southeast-2.compute.internal  Exec lifecycle hook ([/opt/sonatype/nexus/postStart.sh]) for Container "nexus" in Pod "nexus-nexus-59b75cdd45-79725_jx(4e897578-71a6-11ea-89cb-06cb35aa5b28)" failed - error: command '/opt/sonatype/nexus/postStart.sh' exited with 22:   % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   273    0     0  100   273      0   7583 --:--:-- --:--:-- --:--:--  7583
curl: (22) The requested URL returned error: 410 Gone
, message: "....pong\nLogin to nexus succeeded. Default password worked. Updating password if available...\nCreating admin_password repository script\n  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current\n                                 Dload  Upload   Total   Spent    Left  Speed\n\r  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0\r100   273    0     0  100   273      0   7583 --:--:-- --:--:-- --:--:--  7583\ncurl: (22) The requested URL returned error: 410 Gone\n"

Hello!
I try install nexus chart

ErrImagePull: rpc error: code = Unknown desc = failed to resolve image "gcr.io/jenkinsxio/nexus:dev": no available          ↵
│ registry endpoint: failed to fetch anonymous token: unexpected status: 401 Unauthorized

I believe this is the same issue as issue #28 , however they have no detail in their issue.

NAME VERSION
jx - 2.0.581
jenkins x platform - 2.0.951
Kubernetes cluster - v1.14.3
kubectl - v1.14.3
helm client - Client: v2.14.2+ga8b13cc
git - 2.22.0.windows.1
Operating System - Windows 10 Pro 1903 build 18362

Events:

Type Reason Age From Message

Normal Scheduled 30s default-scheduler Successfully assigned jx/jenkins-x-nexus-6bc788447f-5dj9c to docker-desktop

Normal Pulled 19s (x2 over 29s) kubelet, docker-desktop Container image "gcr.io/jenkinsxio/nexus:0.1.7" already present on machine

Normal Created 19s (x2 over 29s) kubelet, docker-desktop Created container nexus

Normal Started 19s (x2 over 29s) kubelet, docker-desktop Started container nexus

Warning FailedPostStartHook 10s (x2 over 20s) kubelet, docker-desktop Exec lifecycle hook ([/opt/sonatype/nexus/postStart.sh]) for Container "nexus" in Pod "jenkins-x-nexus-6bc788447f-5dj9c_jx(6600ed4e-c0f8-11e9-a82a-00155d02e105)" failed - error: command '/opt/sonatype/nexus/postStart.sh' exited with 137: , message: ".."

Normal Killing 10s (x2 over 20s) kubelet, docker-desktop FailedPostStartHook

Warning BackOff 7s (x3 over 9s) kubelet, docker-desktop Back-off restarting failed container
`

Docker for Desktop Configuration is as follows:

CPUS: 4

Memory: 8192 MB

Swap: 1024 MB

Disk image max size: 59.6 GB

All of the rest of the pods come up successfully:

crier-576b9854b4-m9nrl 1/1 Running 1 48m
deck-5f79b74f46-kdxsb 1/1 Running 1 48m
deck-5f79b74f46-p5g7l 1/1 Running 1 48m
hook-bf4cdff5c-dgzdf 1/1 Running 2 48m
hook-bf4cdff5c-jxp86 1/1 Running 2 48m
horologium-c68d89485-f6pdp 1/1 Running 1 48m
jenkins-x-chartmuseum-d87cbb789-9pw46 1/1 Running 1 48m
jenkins-x-controllerbuild-757b98b76b-ls2q2 1/1 Running 1 48m
jenkins-x-controllerrole-5f84999ff6-4pft6 1/1 Running 1 48m
jenkins-x-controllerteam-5f7d9649cd-f6hcm 1/1 Running 1 48m
jenkins-x-docker-registry-69d666d455-94858 1/1 Running 1 48m
jenkins-x-heapster-ff6df6848-6lpms 2/2 Running 0 14m
jenkins-x-nexus-6bc788447f-5dj9c 0/1 CrashLoopBackOff 6 7m17s
pipeline-75bf8bc958-62kpm 1/1 Running 2 48m
pipelinerunner-597bf69b94-xcpp6 1/1 Running 1 48m
plank-58586dcfdf-fh9tc 1/1 Running 1 48m
sinker-665545d896-nkndp 1/1 Running 1 48m
tekton-pipelines-controller-786b485fc5-r2rlr 1/1 Running 1 48m
tekton-pipelines-webhook-56cd88ddb5-xtn4j 1/1 Running 1 48m
tide-75456796f5-x2dhc 1/1 Running 1 48m

I'm not sure exactly where the 137 is getting thrown from from within the postStart.sh.

10.51.242.255:5000/jenkinsxio/nexus:0.0.23