When a team member restores nuget packages using donet, artifactory enters a loop with the errors below until the memory overflows.
The problem only happens when he adds in his Nuget.Config the tag protocolVersion="3"
<add key="Company" value="https://repo.company.com/artifactory/api/nuget/v3/rdi-nuget-virtual" protocolVersion="3" />
In the tests we noticed that the use of the protocolversion=3 tag causes this.
This tag is necessary because the download of the file is much faster
Anyone have an idea what it could be?
Could you help me please?
logs below
Version jfrog: 7.29.8 rev 72908900
2022-01-11T14:00:57.263Z [jfrt ] [WARN ] [6cdecc92eaf486c7] [.r.ArtifactoryResponseBase:136] [ttp-nio-8081-exec-43] - Sending HTTP error code 403: Download request for repo:path 'nuget-remote-cache:.nuGetV3/feed.json' is forbidden for user: 'lcunha'.
2022-01-11T14:00:57.264Z [jfrt ] [ERROR] [6cdecc92eaf486c7] [etV3VirtualAndRemoteCommon:274] [ttp-nio-8081-exec-43] - Failed to download resource in repo: nuget-remote, at url: https://api.nuget.org/v3/index.json. HTTP STATUS CODE: 403
2022-01-11T14:00:57.264Z [jfrt ] [ERROR] [6cdecc92eaf486c7] [etV3VirtualAndRemoteCommon:133] [ttp-nio-8081-exec-43] - Failed to convert artifactory url (https://repostaging.companysoftware.com:443/artifactory/api/nuget/v3/company-nuget-virtual/registration-semver2) to original remote url for repo: nuget-remote, package: xunit.core
java.lang.NullPointerException: null
at java.base/java.util.Objects.requireNonNull(Objects.java:221)
2022-01-11T14:01:56.786Z [jfrou] [ERROR] [2016c910242342cc] [external_topology.go:82 ] [main ] - Failed fetching external topology from Access: Get "http://localhost:8040/access/api/v1/topology": net/http: request canceled (Client.Timeout exceeded while awaiting headers)
2022-01-11T14:02:04.871Z [jfrou] [WARN ] [7f3fb3a30ade9665] [local_topology.go:268 ] [main ] - Readiness test failed with the following error: "required node services are missing or unhealthy"
2022-01-11T14:02:09.877Z [jfrou] [ERROR] [7f3fb3a30ade9665] [local_topology.go:128 ] [main ] - periodic send heartbeat failed for 4 consecutive times. Last error: failed sending heartbeat information to Access: failed closing Access grpc client: closing heartbeat client and waiting for response timed-out
java.lang.OutOfMemoryError: Java heap space
-XX:OnOutOfMemoryError="kill -9 %p"
Executing /bin/sh -c "kill -9 3974"...
2022-01-11T14:02:11.185Z [jfrou] [WARN ] [5a89519a8048b91d] [local_topology.go:268 ] [main ] - Readiness test failed with the following error: "required node services are missing or unhealthy"
2022-01-11T14:02:11.196Z [jfrou] [ERROR] [79bb63bc55c1ed15] [external_topology.go:82 ] [main ] - Failed fetching external topology from Access: Get "http://localhost:8040/access/api/v1/topology": read tcp 127.0.0.1:55970-127.0.0.1:8040: read: connection reset by peer
2022/01/11 14:02:11 httputil: ReverseProxy read error during body copy: read tcp 127.0.0.1:56788->127.0.0.1:8045: read: connection reset by peer
2022/01/11 14:02:11 httputil: ReverseProxy read error during body copy: read tcp 127.0.0.1:56788->127.0.0.1:8045: read: connection reset by peer
2022/01/11 14:02:11 httputil: ReverseProxy read error during body copy: read tcp 127.0.0.1:56788->127.0.0.1:8045: read: connection reset by peer
2022-01-11T14:02:11.208Z 35[jfob ] [WARN ] [1ed879c85a5af005] [access_join.go:70 ] [main ] - Refreshing platform config change events gRPC stream - target server is unavailable - if issue persists check communication with access [access_client]
/opt/jfrog/artifactory/app/bin/artifactory.sh: line 359: 3974 Killed $TOMCAT_HOME/bin/catalina.sh run
Can you share your setup?
-The application server is the CentOS Linux release 7.9.2009 (Core)
-MySQL as backend Database
-Also, we are using the Apache as reverse proxy to apply the SSL certificate.
How are you running Artifactory?
-The Artifactory is container based: releases-docker.jfrog.io/jfrog/artifactory-pro:7.29.8
How much resources to you give it? Memory and CPU
The server has allocated:
2 vCPU
16 GB RAM
SSD
What are the java memory settings? Mostly interested in heap settings (Xms and Xmx)?
We are using the standard configuration. No changes were made in the Xms and Xms parameters.
As you are using Artifactory v7.x? You may refer to our System Requirements wiki page for the recommended hardware based on your environment.
Also, from on the error message shared, it looks like the user does not have proper permissions hence we see 403 errors. Please do validate and assign the required permissions to the user and let us know the results.
Sending HTTP error code 403:
Download request for repo:
path 'nuget-remote-cache:.nuGetV3/feed.json' is forbidden for user: 'lcunha'.
Related
I'm in the process of upgrading and migrating Artifactory version 6.11 (zip install, housed on RH7) to the 7.35 version (housed on a new server and hostname, rpm install). I'm doing this on a cloned VM as a test, so the only thing that is different from our original system is the hostname. As the documentation recommends, I first upgraded 6.11 to 7.35 and everything seemed to go well. I followed the upgrade steps and the migration.sh script completed successfully.
The major issue I'm having is that when I go into Artifacts, the 'url to file' is bringing up a 502 Bad Gateway nginx error. It seems to me that a pointer is incorrect somewhere and I'm confused as to where it could be. The upgrade was successful, so I know the data is there, but Artifactory is not able to link to it properly.
Update/clarification: To improve my description: When I head into Application bar / Artifactory / Artifacts and select a repo from the left-hand column, the 'url to file' fails to load. I'm assuming this is the tree view?
On the server that is currently working, a url such as https://acme/artifactory/repo leads to a directory listing. However, on the new server, a url such as https://new-acme-server/artifactory/repo would lead to a 502 Bad Gateway or an nginx error if I use http (no cert is installed on the test VM, but is installed on the orignal server).
In v7.35, I went into the 'http settings' and switched the server provider as both nginx and apache (Tomcat was set as default) and while the site operated fine under both, the url to the repo files still fails with an nginx error, regardless of the server provider.
When I did a full system export of the original server, the documentation had me uncheck "Exclude data". I also exported the repos out as well and imported those in via a path. Everything seems to show up correctly just like on the original server, but I'm still unable to view a directory listing when I click on the url.
Could it be the location of the filestore being different? If so, how would I go about pointing it to the right location?
V7.35: /opt/jfrog/artifactory/var/data/artifactory/filestore
V6.11: /opt/artifactory/artifactory-pro-6.11.3/data/filestore
The base URL is the same as the original installation http(s)://domain/artifactory
Output from artifactory-service.log
2022-03-25T16:58:40.429Z [jfrt ] [INFO ] [3bb67ba1f30d560e] [ifactoryApplicationContext:564] [ttp-nio-8081-exec-10] - Artifactory application context set to READY by reload
2022-03-25T16:58:40.430Z [jfrt ] [INFO ] [3bb67ba1f30d560e] [c.CentralConfigServiceImpl:933] [ttp-nio-8081-exec-10] - Configuration reloaded.
2022-03-25T17:09:04.013Z [jfrt ] [INFO ] [708a8ae7c307ec92] [c.CentralConfigServiceImpl:914] [http-nio-8081-exec-5] - Reloading configuration... old revision 212, new revision 213
2022-03-25T17:09:04.121Z [jfrt ] [INFO ] [708a8ae7c307ec92] [c.CentralConfigServiceImpl:542] [http-nio-8081-exec-5] - New configuration with revision 213 saved.
2022-03-25T17:09:04.121Z [jfrt ] [INFO ] [708a8ae7c307ec92] [ifactoryApplicationContext:564] [http-nio-8081-exec-5] - Artifactory application context set to NOT READY by reload
2022-03-25T17:09:04.181Z [jfrt ] [INFO ] [708a8ae7c307ec92] [ifactoryApplicationContext:564] [http-nio-8081-exec-5] - Artifactory application context set to READY by reload
2022-03-25T17:09:04.181Z [jfrt ] [INFO ] [708a8ae7c307ec92] [c.CentralConfigServiceImpl:933] [http-nio-8081-exec-5] - Configuration reloaded.
2022-03-25T17:36:47.707Z [jfrt ] [INFO ] [d7bb51eedd93b03c] [aseBundleCleanupServiceImpl:84] [art-exec-20 ] - Starting to cleanup incomplete Release Bundles
2022-03-25T17:36:47.708Z [jfrt ] [INFO ] [d7bb51eedd93b03c] [b.ReleaseBundleServiceImpl:415] [art-exec-20 ] - Finished deleting orphan/unidentified items from _intransit repository
2022-03-25T17:36:47.709Z [jfrt ] [INFO ] [d7bb51eedd93b03c] [aseBundleCleanupServiceImpl:90] [art-exec-20 ] - Finished incomplete Release Bundles cleanup
Your filestore location for both Artifactory 6 and Artifactory7 is correct.
This indicates to me that the issue is with your reverse proxy.
In order to confirm, can you check the below two things.
Open your Artifactory on its IP and Port.
http://localhost:8082/ (The default port will be 8082 if you have not modified). Now go to tree view in Application tab of Artifactory and try to download a specific file. If you are able to download, then the issue is might not be with filestore or upgrade. Mostly it should be reverse proxy.
In that case, navigate to Artifactory > Administration > Artifactory > HTTP Settings > Genereate new settings > Place in reverse proxy and restart.
In the above test, if you are still not able to download, then check in the logs ($JFROG_HOME/artifactory/var/log/artifactory-service.log) if you are observing a message something similar to the below.
2022-03-24T20:15:35.072Z [jfrt ] [WARN ] [2a73d62655afd1ad] [.r.ArtifactoryResponseBase:136] [http-nio-8081-exec-9] - Sending HTTP error code 500: Could not process download request: Binary provider has no content for '165c79f8dff2f9e7d3ccadcbc295f7ef8e6e95f0'
If yes, then it indicates that, Artifactory is not able to find the binary. If none of the above helped, post the log snippet from the above log file here while you are trying to download a file along with the file name.
For your update/clarification questions, please allow me to clarify.
In Artifactory 6.x Artifactory was acting as both the server and UI, therefore you could use the "http://acme/artifactory URL, however in Artifactory 7.x, Artifactory changed to work with multiple microservices, and the UI has moved to its own microservice (now it is named "Frontend"). You can try access the "Native Browser" by using this URL http://acme/ui/native/REPOSITORY/.
To add to the above and to Ganapathi's reply, the URL for your Artifactory has changed from http://acme:8081/artifactory to http://acme:8082 since Artifactory is now utilizing the "router" (external port is 8082 and internal 8046) microservice to redirect all the requests to the respective microservices. You can check the full list here.
I hope this clarifies more.
What reasons could there be that a push of a docker image to an Artifactory repo could crash the entire app?
The symptoms I see are that a layer hangs during the push:
ยป docker push my-repo/my-app:20211207-afdf6438-test
The push refers to repository [my-repo/my-app]
d4cde41bcf33: Layer already exists
ac14050b2264: Layer already exists
27e5cc646fd0: Pushing [==================================================>] 562.7MB
797b1ec2507f: Layer already exists
34de87854e34: Layer already exists
cde140fcdbee: Layer already exists
be3883e87d34: Layer already exists
9ec86c039eae: Layer already exists
371ce8b24b31: Layer already exists
7e718b9c0c8c: Layer already exists
It hangs on pushing that layer, then Artifactory becomes unresponsive until it finally restarts itself, which takes a while.
When this happens, the logs don't give me much to go on.
2021-12-09T20:06:01.066Z [jfrt ] [INFO ] [44ac995c9c11dc2e] [o.a.e.UploadServiceImpl:465 ] [http-nio-8081-exec-2] - Deploy to 'docker-local:my-app/_uploads/60766841-fac7-4781-b325-da9ef66ba2cf' Content-Length: 1 (estimation) artificial: false
2021-12-09T20:06:27.249Z [jfrt ] [INFO ] [ ] [ffectedConfigStreamObserver:32] [Stream_1639080147248] - publishing full invalidation and attempting to resubscribe to affected configuration changes
2021-12-09T20:06:28.145Z [jfrt ] [INFO ] [ ] [ffectedConfigStreamObserver:32] [Stream_1639080153144] - publishing full invalidation and attempting to resubscribe to affected configuration changes
2021-12-09T20:06:29.646Z [jfrt ] [INFO ] [ ] [ectedEntitiesStreamObserver:35] [Stream_1639080154645] - publishing full invalidation and attempting to resubscribe to affected permissions changes
2021-12-09T20:07:26.615Z [jfrt ] [ERROR] [59398681a5a1be14] [o.j.a.c.h.AccessHttpClient:136] [http-nio-8081-exec-6] - Error while executing /api/v1/users/ on access. Exception message: Read timed out
2021-12-09T20:07:51.686Z [jfrt ] [ERROR] [6a934e4bf3e126b4] [o.j.a.c.h.AccessHttpClient:136] [http-nio-8081-exec-4] - Error while executing /api/v1/users/ on access. Exception message: Read timed out
2021-12-09T20:07:56.622Z [jfrt ] [ERROR] [2fe4c5688866ed57] [o.j.a.c.h.AccessHttpClient:136] [http-nio-8081-exec-8] - Error while executing /api/v1/users/ on access. Exception message: Read timed out
2021-12-09T20:07:56.622Z [jfrt ] [ERROR] [2b94004eb23bb041] [o.j.a.c.h.AccessHttpClient:136] [ttp-nio-8081-exec-12] - Error while executing /api/v1/users/ on access. Exception message: Read timed out
Terminating Artifactory
This is self-hosted Artifactory 7.27.10 running in Kubernetes
This was a disk performance problem. I use EFS for my Artifactory data volume. For some reason still unknown to me, Artifactory started requiring higher IOPS than the EFS volume could provide. I was able to solve the problem by changing the EFS volume to provisioned IOPS.
Pulls worked fine, because my backing datastore is s3. So the problem only manifested on pushes, after all the docker layers were uploaded, and when log files were written to the EFS volume. It was on log writes that the system choked and restarted.
When executing the Artifactory version 7.4.3, I see below error, and I changed as per the jfrog artifactory could not validate router error but still same error, can someone please advise. Thanks.
failed initializing Access client: Cluster join: Service registry ping failed; context deadline exceeded. last error: Error while trying to connect to local router at address 'http://localhost:8046/access': Get http://localhost:8046/access/api/v1/system/ping: dial tcp 127.0.0.1:8046: connect: connection refused
System.Yaml file:
shared:
## Security Configuration
security:
## Maximum time to wait for key files (master.key and join.key)
#bootstrapKeysReadTimeoutSecs: 120
## Join key value for joining the cluster (takes precedence over 'joinKeyFile')
#joinKey: "<Your joinKey>"
## Join key file location
#joinKeyFile: "<For example: JFROG_HOME/artifactory/var/etc/security/join.key>"
## Master key file location
## Generated by the product on first startup if not provided
#masterKeyFile: "<For example: JFROG_HOME/artifactory/var/etc/security/master.key>"
## Node Settings
node:
## Default: auto resolved by startup script
ip: 172.24.18.44
## Sets this node as primary in HA installation
#primary: true
## A unique id to identify this node.
## Default: auto generated at startup.
#id: "art1"
## Sets this node as part of HA installation
#haEnabled: true
Below is the error from router-service.log, i don't find the shared node ip in router-service.log
[join_executor.go:148 ] [main ] - Cluster join: Retry 120: Service registry ping failed, will retry. Error: Could not parse error from service registry, status code: 404
after updating the system.yaml file:
shared:
node:
ip: 172.24.18.44
router-service.log
2020-05-19T04:36:48.559Z [jfrou] [INFO ] [660aef287984ef11] [bootstrap.go:73 ] [main ] - JFrog Router IP: 172.24.18.44
2020-05-19T04:36:48.562Z [jfrou] [INFO ] [660aef287984ef11] [bootstrap.go:165 ] [main ] - System configuration encryption report:
shared.newrelic.licenseKey: does not exist in the config file
shared.security.joinKeyFile: file '/apps/artifactory-pro-7.4.3/var/etc/security/join.key' - already encrypted
2020-05-19T04:36:48.563Z [jfrou] [INFO ] [660aef287984ef11] [bootstrap.go:78 ] [main ] - JFrog Router Service ID: jfrou#01e8nfmn4nqdr5ay9q2225f6v6
2020-05-19T04:36:48.563Z [jfrou] [INFO ] [660aef287984ef11] [bootstrap.go:79 ] [main ] - JFrog Router Node ID: tsrca24l
2020-05-19T04:37:22.945Z [jfrou] [INFO ] [660aef287984ef11] [join_executor.go:148 ] [main ] - Cluster join: Retry 5: Service registry ping failed, will retry. Error: Get http://localhost:8040/access/api/v1/system/ping: context deadline exceeded
#kumar the system.yaml is not accurate. The node section should be indented under shared as below. You can remove the security section completely.
shared:
node:
ip: <your ip>
Since upgrading to 6.8.7 using the rpm on RHEL 7, using systemctl start artifactory fails
Looking in the log its failing at this point
2019-03-16 09:50:28,952 [art-init] [INFO ] (o.a.s.a.ArtifactoryAccessClientConfigStore:593) - Using Access Server URL: http://localhost:8040/access (bundled) source: detected
2019-03-16 09:50:29,379 [art-init] [INFO ] (o.a.s.a.AccessServiceImpl:353) - Waiting for access server...
2019-03-16 09:50:30,625 [art-init] [WARN ] (o.j.a.c.AccessClientHttpException:41) - Unrecognized ErrorsModel by Access. Original message: Failed on executing /api/v1/system/ping, with response: Not Found
2019-03-16 09:50:30,634 [art-init] [ERROR] (o.a.s.a.AccessServiceImpl:364) - Could not ping access server: {}
org.jfrog.access.client.AccessClientHttpException: HTTP response status 404:Failed on executing /api/v1/system/ping, with response: Not Found
Previously we would get
2019-03-13 09:56:06,293 [art-init] [INFO ] (o.a.s.a.ArtifactoryAccessClientConfigStore:593) - Using Access Server URL: http://localhost:8040/access (bundled) source: detected
2019-03-13 09:56:06,787 [art-init] [INFO ] (o.a.s.a.AccessServiceImpl:353) - Waiting for access server...
2019-03-13 09:56:24,068 [art-init] [INFO ] (o.a.s.a.AccessServiceImpl:360) - Got response from Access server after 17280 ms, continuing.
Any suggestions on debugging whether this access server has started ?
Further to this I found logs showing when it worked it used to start a jar file
2019-03-08 09:19:11,609 [localhost-startStop-2] [INFO ] (o.j.a.AccessApplication:48) - Starting AccessApplication v4.1.48 on hostname.nexor.co.uk with PID 5913 (/opt/jfrog/artifactory/tomcat/webapps/access/WEB-INF/lib/access-application-4.1.48.jar started by artifactory in /)
Now when i look I find /opt/jfrog/artifactory/tomcat/webapps/access/ is empty so there is no jar file to run
The rpm did deliver an access.war file and that is there
$ ls -l /opt/jfrog/artifactory/webapps
total 104692
-rwxrwxr-x. 1 root root 51099759 Mar 14 12:14 access.war
-rwxrwxr-x. 1 root root 56099348 Mar 14 12:14 artifactory.war
Is there some manual step I can run to expand this war file to get the jar (as you can guess I am not up on my java apps)
Eventually got it working by deleting the empty /opt/jfrog/artifactory/tomcat/webapps/access directory and a new one containing the required jar files got created.
Not sure why this happened but that got it working for me
I had similar problem on CentOS 7, the solution was downgrade the newly updated java packages by running this command:
yum downgrade java-1.8.0*
After that restart the artifactory:
systemctl restart artifactory
Try changing the port number under your tomcat\conf\server.xml from 8081 to a different, unused port. Then, restart the Artifactory service to ensure the change takes effect.
when we try to submit a transaction, it always failed, and from the Corda log, below is the last error message we got, anyone can help what does this error mean? How should I further do the trouble shooting. Thanks.
[INFO ] 2018-08-24T07:49:19,739Z [Node thread-1] flow.[c833dc79-501e-4484-9c43-a6924b472542].initiateSession - Initiating flow session with party O=CompanyC, L=Paris, C=FR. Session id for tracing purposes is SessionId(toLong=4256917187941908080). {}
[WARN ] 2018-08-24T07:50:01,777Z [Messaging DLGQRf63MNQ2zpywoVzUZ3eBVB4Yp5oaA5aYSogUwzuCCA] messaging.P2PMessagingClient.sendWithRetry - Reached the maximum number of retries (3) for message ClientMessageImpl[messageID=0, durable=true, address=internal.peers.DL2zA4g5QWv3dzx985Q9PMcvrNX4DUGv2pc7DcVjNgA8Hj,userID=null,properties=TypedProperties[platform-version=3,corda-vendor=Corda Open Source,release-version=3.2-corda,platform-topic=platform.session,_AMQ_DUPL_ID=8473dd65-96e3-4a45-8076-92016a03c56c]] redelivery to internal.peers.DL2zA4g5QWv3dzx985Q9PMcvrNX4DUGv2pc7DcVjNgA8Hj {}
[WARN ] 2018-08-24T07:50:01,808Z [Messaging DLGQRf63MNQ2zpywoVzUZ3eBVB4Yp5oaA5aYSogUwzuCCA] messaging.P2PMessagingClient.sendWithRetry - Reached the maximum number of retries (3) for message ClientMessageImpl[messageID=0, durable=true, address=internal.peers.DL2zA4g5QWv3dzx985Q9PMcvrNX4DUGv2pc7DcVjNgA8Hj,userID=null,properties=TypedProperties[platform-version=3,corda-vendor=Corda Open Source,release-version=3.2-corda,platform-topic=platform.session,_AMQ_DUPL_ID=66467ea0-56b9-4655-8311-f0806bf7fa97]] redelivery to internal.peers.DL2zA4g5QWv3dzx985Q9PMcvrNX4DUGv2pc7DcVjNgA8Hj {}
This error would occur if one node cannot reach another node, e.g. due to the node being down or incorrect firewall settings. Use a tool to see whether you can ping the receiving node's messaging port from the sending node's machine.