What reasons could there be that a push of a docker image to an Artifactory repo could crash the entire app?
The symptoms I see are that a layer hangs during the push:
ยป docker push my-repo/my-app:20211207-afdf6438-test
The push refers to repository [my-repo/my-app]
d4cde41bcf33: Layer already exists
ac14050b2264: Layer already exists
27e5cc646fd0: Pushing [==================================================>] 562.7MB
797b1ec2507f: Layer already exists
34de87854e34: Layer already exists
cde140fcdbee: Layer already exists
be3883e87d34: Layer already exists
9ec86c039eae: Layer already exists
371ce8b24b31: Layer already exists
7e718b9c0c8c: Layer already exists
It hangs on pushing that layer, then Artifactory becomes unresponsive until it finally restarts itself, which takes a while.
When this happens, the logs don't give me much to go on.
2021-12-09T20:06:01.066Z [jfrt ] [INFO ] [44ac995c9c11dc2e] [o.a.e.UploadServiceImpl:465 ] [http-nio-8081-exec-2] - Deploy to 'docker-local:my-app/_uploads/60766841-fac7-4781-b325-da9ef66ba2cf' Content-Length: 1 (estimation) artificial: false
2021-12-09T20:06:27.249Z [jfrt ] [INFO ] [ ] [ffectedConfigStreamObserver:32] [Stream_1639080147248] - publishing full invalidation and attempting to resubscribe to affected configuration changes
2021-12-09T20:06:28.145Z [jfrt ] [INFO ] [ ] [ffectedConfigStreamObserver:32] [Stream_1639080153144] - publishing full invalidation and attempting to resubscribe to affected configuration changes
2021-12-09T20:06:29.646Z [jfrt ] [INFO ] [ ] [ectedEntitiesStreamObserver:35] [Stream_1639080154645] - publishing full invalidation and attempting to resubscribe to affected permissions changes
2021-12-09T20:07:26.615Z [jfrt ] [ERROR] [59398681a5a1be14] [o.j.a.c.h.AccessHttpClient:136] [http-nio-8081-exec-6] - Error while executing /api/v1/users/ on access. Exception message: Read timed out
2021-12-09T20:07:51.686Z [jfrt ] [ERROR] [6a934e4bf3e126b4] [o.j.a.c.h.AccessHttpClient:136] [http-nio-8081-exec-4] - Error while executing /api/v1/users/ on access. Exception message: Read timed out
2021-12-09T20:07:56.622Z [jfrt ] [ERROR] [2fe4c5688866ed57] [o.j.a.c.h.AccessHttpClient:136] [http-nio-8081-exec-8] - Error while executing /api/v1/users/ on access. Exception message: Read timed out
2021-12-09T20:07:56.622Z [jfrt ] [ERROR] [2b94004eb23bb041] [o.j.a.c.h.AccessHttpClient:136] [ttp-nio-8081-exec-12] - Error while executing /api/v1/users/ on access. Exception message: Read timed out
Terminating Artifactory
This is self-hosted Artifactory 7.27.10 running in Kubernetes
This was a disk performance problem. I use EFS for my Artifactory data volume. For some reason still unknown to me, Artifactory started requiring higher IOPS than the EFS volume could provide. I was able to solve the problem by changing the EFS volume to provisioned IOPS.
Pulls worked fine, because my backing datastore is s3. So the problem only manifested on pushes, after all the docker layers were uploaded, and when log files were written to the EFS volume. It was on log writes that the system choked and restarted.
Related
I'm in the process of upgrading and migrating Artifactory version 6.11 (zip install, housed on RH7) to the 7.35 version (housed on a new server and hostname, rpm install). I'm doing this on a cloned VM as a test, so the only thing that is different from our original system is the hostname. As the documentation recommends, I first upgraded 6.11 to 7.35 and everything seemed to go well. I followed the upgrade steps and the migration.sh script completed successfully.
The major issue I'm having is that when I go into Artifacts, the 'url to file' is bringing up a 502 Bad Gateway nginx error. It seems to me that a pointer is incorrect somewhere and I'm confused as to where it could be. The upgrade was successful, so I know the data is there, but Artifactory is not able to link to it properly.
Update/clarification: To improve my description: When I head into Application bar / Artifactory / Artifacts and select a repo from the left-hand column, the 'url to file' fails to load. I'm assuming this is the tree view?
On the server that is currently working, a url such as https://acme/artifactory/repo leads to a directory listing. However, on the new server, a url such as https://new-acme-server/artifactory/repo would lead to a 502 Bad Gateway or an nginx error if I use http (no cert is installed on the test VM, but is installed on the orignal server).
In v7.35, I went into the 'http settings' and switched the server provider as both nginx and apache (Tomcat was set as default) and while the site operated fine under both, the url to the repo files still fails with an nginx error, regardless of the server provider.
When I did a full system export of the original server, the documentation had me uncheck "Exclude data". I also exported the repos out as well and imported those in via a path. Everything seems to show up correctly just like on the original server, but I'm still unable to view a directory listing when I click on the url.
Could it be the location of the filestore being different? If so, how would I go about pointing it to the right location?
V7.35: /opt/jfrog/artifactory/var/data/artifactory/filestore
V6.11: /opt/artifactory/artifactory-pro-6.11.3/data/filestore
The base URL is the same as the original installation http(s)://domain/artifactory
Output from artifactory-service.log
2022-03-25T16:58:40.429Z [jfrt ] [INFO ] [3bb67ba1f30d560e] [ifactoryApplicationContext:564] [ttp-nio-8081-exec-10] - Artifactory application context set to READY by reload
2022-03-25T16:58:40.430Z [jfrt ] [INFO ] [3bb67ba1f30d560e] [c.CentralConfigServiceImpl:933] [ttp-nio-8081-exec-10] - Configuration reloaded.
2022-03-25T17:09:04.013Z [jfrt ] [INFO ] [708a8ae7c307ec92] [c.CentralConfigServiceImpl:914] [http-nio-8081-exec-5] - Reloading configuration... old revision 212, new revision 213
2022-03-25T17:09:04.121Z [jfrt ] [INFO ] [708a8ae7c307ec92] [c.CentralConfigServiceImpl:542] [http-nio-8081-exec-5] - New configuration with revision 213 saved.
2022-03-25T17:09:04.121Z [jfrt ] [INFO ] [708a8ae7c307ec92] [ifactoryApplicationContext:564] [http-nio-8081-exec-5] - Artifactory application context set to NOT READY by reload
2022-03-25T17:09:04.181Z [jfrt ] [INFO ] [708a8ae7c307ec92] [ifactoryApplicationContext:564] [http-nio-8081-exec-5] - Artifactory application context set to READY by reload
2022-03-25T17:09:04.181Z [jfrt ] [INFO ] [708a8ae7c307ec92] [c.CentralConfigServiceImpl:933] [http-nio-8081-exec-5] - Configuration reloaded.
2022-03-25T17:36:47.707Z [jfrt ] [INFO ] [d7bb51eedd93b03c] [aseBundleCleanupServiceImpl:84] [art-exec-20 ] - Starting to cleanup incomplete Release Bundles
2022-03-25T17:36:47.708Z [jfrt ] [INFO ] [d7bb51eedd93b03c] [b.ReleaseBundleServiceImpl:415] [art-exec-20 ] - Finished deleting orphan/unidentified items from _intransit repository
2022-03-25T17:36:47.709Z [jfrt ] [INFO ] [d7bb51eedd93b03c] [aseBundleCleanupServiceImpl:90] [art-exec-20 ] - Finished incomplete Release Bundles cleanup
Your filestore location for both Artifactory 6 and Artifactory7 is correct.
This indicates to me that the issue is with your reverse proxy.
In order to confirm, can you check the below two things.
Open your Artifactory on its IP and Port.
http://localhost:8082/ (The default port will be 8082 if you have not modified). Now go to tree view in Application tab of Artifactory and try to download a specific file. If you are able to download, then the issue is might not be with filestore or upgrade. Mostly it should be reverse proxy.
In that case, navigate to Artifactory > Administration > Artifactory > HTTP Settings > Genereate new settings > Place in reverse proxy and restart.
In the above test, if you are still not able to download, then check in the logs ($JFROG_HOME/artifactory/var/log/artifactory-service.log) if you are observing a message something similar to the below.
2022-03-24T20:15:35.072Z [jfrt ] [WARN ] [2a73d62655afd1ad] [.r.ArtifactoryResponseBase:136] [http-nio-8081-exec-9] - Sending HTTP error code 500: Could not process download request: Binary provider has no content for '165c79f8dff2f9e7d3ccadcbc295f7ef8e6e95f0'
If yes, then it indicates that, Artifactory is not able to find the binary. If none of the above helped, post the log snippet from the above log file here while you are trying to download a file along with the file name.
For your update/clarification questions, please allow me to clarify.
In Artifactory 6.x Artifactory was acting as both the server and UI, therefore you could use the "http://acme/artifactory URL, however in Artifactory 7.x, Artifactory changed to work with multiple microservices, and the UI has moved to its own microservice (now it is named "Frontend"). You can try access the "Native Browser" by using this URL http://acme/ui/native/REPOSITORY/.
To add to the above and to Ganapathi's reply, the URL for your Artifactory has changed from http://acme:8081/artifactory to http://acme:8082 since Artifactory is now utilizing the "router" (external port is 8082 and internal 8046) microservice to redirect all the requests to the respective microservices. You can check the full list here.
I hope this clarifies more.
When a team member restores nuget packages using donet, artifactory enters a loop with the errors below until the memory overflows.
The problem only happens when he adds in his Nuget.Config the tag protocolVersion="3"
<add key="Company" value="https://repo.company.com/artifactory/api/nuget/v3/rdi-nuget-virtual" protocolVersion="3" />
In the tests we noticed that the use of the protocolversion=3 tag causes this.
This tag is necessary because the download of the file is much faster
Anyone have an idea what it could be?
Could you help me please?
logs below
Version jfrog: 7.29.8 rev 72908900
2022-01-11T14:00:57.263Z [jfrt ] [WARN ] [6cdecc92eaf486c7] [.r.ArtifactoryResponseBase:136] [ttp-nio-8081-exec-43] - Sending HTTP error code 403: Download request for repo:path 'nuget-remote-cache:.nuGetV3/feed.json' is forbidden for user: 'lcunha'.
2022-01-11T14:00:57.264Z [jfrt ] [ERROR] [6cdecc92eaf486c7] [etV3VirtualAndRemoteCommon:274] [ttp-nio-8081-exec-43] - Failed to download resource in repo: nuget-remote, at url: https://api.nuget.org/v3/index.json. HTTP STATUS CODE: 403
2022-01-11T14:00:57.264Z [jfrt ] [ERROR] [6cdecc92eaf486c7] [etV3VirtualAndRemoteCommon:133] [ttp-nio-8081-exec-43] - Failed to convert artifactory url (https://repostaging.companysoftware.com:443/artifactory/api/nuget/v3/company-nuget-virtual/registration-semver2) to original remote url for repo: nuget-remote, package: xunit.core
java.lang.NullPointerException: null
at java.base/java.util.Objects.requireNonNull(Objects.java:221)
2022-01-11T14:01:56.786Z [jfrou] [ERROR] [2016c910242342cc] [external_topology.go:82 ] [main ] - Failed fetching external topology from Access: Get "http://localhost:8040/access/api/v1/topology": net/http: request canceled (Client.Timeout exceeded while awaiting headers)
2022-01-11T14:02:04.871Z [jfrou] [WARN ] [7f3fb3a30ade9665] [local_topology.go:268 ] [main ] - Readiness test failed with the following error: "required node services are missing or unhealthy"
2022-01-11T14:02:09.877Z [jfrou] [ERROR] [7f3fb3a30ade9665] [local_topology.go:128 ] [main ] - periodic send heartbeat failed for 4 consecutive times. Last error: failed sending heartbeat information to Access: failed closing Access grpc client: closing heartbeat client and waiting for response timed-out
java.lang.OutOfMemoryError: Java heap space
-XX:OnOutOfMemoryError="kill -9 %p"
Executing /bin/sh -c "kill -9 3974"...
2022-01-11T14:02:11.185Z [jfrou] [WARN ] [5a89519a8048b91d] [local_topology.go:268 ] [main ] - Readiness test failed with the following error: "required node services are missing or unhealthy"
2022-01-11T14:02:11.196Z [jfrou] [ERROR] [79bb63bc55c1ed15] [external_topology.go:82 ] [main ] - Failed fetching external topology from Access: Get "http://localhost:8040/access/api/v1/topology": read tcp 127.0.0.1:55970-127.0.0.1:8040: read: connection reset by peer
2022/01/11 14:02:11 httputil: ReverseProxy read error during body copy: read tcp 127.0.0.1:56788->127.0.0.1:8045: read: connection reset by peer
2022/01/11 14:02:11 httputil: ReverseProxy read error during body copy: read tcp 127.0.0.1:56788->127.0.0.1:8045: read: connection reset by peer
2022/01/11 14:02:11 httputil: ReverseProxy read error during body copy: read tcp 127.0.0.1:56788->127.0.0.1:8045: read: connection reset by peer
2022-01-11T14:02:11.208Z 35[jfob ] [WARN ] [1ed879c85a5af005] [access_join.go:70 ] [main ] - Refreshing platform config change events gRPC stream - target server is unavailable - if issue persists check communication with access [access_client]
/opt/jfrog/artifactory/app/bin/artifactory.sh: line 359: 3974 Killed $TOMCAT_HOME/bin/catalina.sh run
Can you share your setup?
-The application server is the CentOS Linux release 7.9.2009 (Core)
-MySQL as backend Database
-Also, we are using the Apache as reverse proxy to apply the SSL certificate.
How are you running Artifactory?
-The Artifactory is container based: releases-docker.jfrog.io/jfrog/artifactory-pro:7.29.8
How much resources to you give it? Memory and CPU
The server has allocated:
2 vCPU
16 GB RAM
SSD
What are the java memory settings? Mostly interested in heap settings (Xms and Xmx)?
We are using the standard configuration. No changes were made in the Xms and Xms parameters.
As you are using Artifactory v7.x? You may refer to our System Requirements wiki page for the recommended hardware based on your environment.
Also, from on the error message shared, it looks like the user does not have proper permissions hence we see 403 errors. Please do validate and assign the required permissions to the user and let us know the results.
Sending HTTP error code 403:
Download request for repo:
path 'nuget-remote-cache:.nuGetV3/feed.json' is forbidden for user: 'lcunha'.
We were trying to Integrate Xray with our Jfrog Artifactory. In Amazon Linux 2 we are trying to install with docker compose,while we run the config.sh
After running the bellow docker compose commands
start rabbitmq: docker-compose -p xray-rabbitmq -f docker-compose-rabbitmq.yaml up -d
start postgresql: docker-compose -p xray-postgres -f docker-compose-postgres.yaml up -d
start: docker-compose -p xray up -d
xray router is getting restarting after 20sec with following error:
We have checked whether any selinux, firewalld, or iptables are blocking,but all are in disable state.
Can someone help us to resolve the issue?
Now Private IP is able to reach Artifactory server,we have created Xray in same VPC of Artifactory.
Now all containers of Xray are running in Xray server,but now we have a different issue.
In xray server container we are getting the below logs
2021-08-12T13:41:17.601Z [jfxr ] [INFO ] [469946e5f04dd2c6] [updates_service:486 ] [main ] Initializing JFrog vendor
2021-08-12T13:41:17.700Z [jfxr ] [ERROR] [ ] [bin_mgr_cache:50 ] [main ] Failed to get binary managerid:failed on GetAllBinaryManagerIds query
--- at /go/src/jfrog.com/xray/internal/dbaccess/dao/binary_managers_dao.go:367 (binMgrDao.GetBinaryManagerId) ---
Caused by: not found
2021-08-12T13:41:17.701Z [jfxr ] [ERROR] [ ] [bin_mgr_cache:59 ] [main ] Failed to get binary manager'' version, err :failed to fetch binary manager
--- at /go/src/jfrog.com/xray/internal/dbaccess/dao/binary_managers_dao.go:290 (binMgrDao.GetBinMgrByID) ---
Caused by: not found
2021-08-12T13:41:17.701Z [jfxr ] [WARN ] [ ] [indexed_resources_cache:36 ] [main ] Failed to get binary managerfor cache:failed to fetch binary manager
--- at /go/src/jfrog.com/xray/internal/dbaccess/dao/binary_managers_dao.go:290 (binMgrDao.GetBinMgrByID) ---
Caused by: not found
Any idea on this?
#praseeb It appears you are giving JFrogURL as the node IP of xray. It should be the reachable URL of artifactory from the xray machine, Please pick it from Admin > Security > Settings as indicated.
I had similar issue with some custom Docker Compose files.
It was a network issue, the containers (server, indexer, analysis, persist) did not start in the same network as the router. This occurs because I use docker-compose [...] --no-start.
With the --no-start option, the network_mode: service:router was ignored and the containers goes to the default bridge network. So they cannot communicate with the router on local ports (8046, etc).
We just update our artifactory 6.10.9 to 7.6.3 on Ubuntu using debian package.
The migration.log show that the migration complete successfully
the service start bu we get a 404 when accessing the server.
There is errors on router-service.log:
[jfrou] [FATAL] [1ef8ac7a8bab9898] [bootstrap.go:93] [main] - Cluster join: Failed resolving join key: failed resolving 'shared.security.joinKey' key; file does not exist: /opt/jfrog/artifactory/var/etc/security/join.key
in frontend-service.log :
[jffe ] [ERROR] [ ] [ ] [main] - Error: connect ECONNREFUSED 127.0.0.1:8046
at TCPConnectWrap.afterConnect [as oncomplete] (net.js:1107:14)
in metadata-service.log :
[jffe ] [ERROR] [ ] [ ] [main] - Error: connect ECONNREFUSED 127.0.0.1:8046
at TCPConnectWrap.afterConnect [as oncomplete] (net.js:1107:14)
And this is the first errors in the console.log :
2020-08-18T19:27:12.494Z [jfrt ] [ERROR] [d2fc2e16d5fc1039] [actoryContextConfigListener:83] [ocalhost-startStop-1] - Failed initializing Artifactory context: Artifactory home not initialized.
2020-08-18T15:27:12.495L [tomct] [SEVERE] [ ] [org.apache.catalina.core.StandardContext] [org.apache.catalina.core.StandardContext startInternal] - One or more listeners failed to start. Full details will be found in the appropriate container log file
2020-08-18T15:27:12.497L [tomct] [SEVERE] [ ] [org.apache.catalina.core.StandardContext] [org.apache.catalina.core.StandardContext startInternal] - Context [/artifactory] startup failed due to previous errors
Does someone already had this kind of issue ? Thanks for clues.
Based on the error log snippet, it looks like the issue is with the router not coming up. Can you check the $JFROG_HOME/artifactory/var/log/router-service.log file if there is an error entry causing this issue?
Final problem was due to bad host file. fixing it with good entries solved the last problem
Since upgrading to 6.8.7 using the rpm on RHEL 7, using systemctl start artifactory fails
Looking in the log its failing at this point
2019-03-16 09:50:28,952 [art-init] [INFO ] (o.a.s.a.ArtifactoryAccessClientConfigStore:593) - Using Access Server URL: http://localhost:8040/access (bundled) source: detected
2019-03-16 09:50:29,379 [art-init] [INFO ] (o.a.s.a.AccessServiceImpl:353) - Waiting for access server...
2019-03-16 09:50:30,625 [art-init] [WARN ] (o.j.a.c.AccessClientHttpException:41) - Unrecognized ErrorsModel by Access. Original message: Failed on executing /api/v1/system/ping, with response: Not Found
2019-03-16 09:50:30,634 [art-init] [ERROR] (o.a.s.a.AccessServiceImpl:364) - Could not ping access server: {}
org.jfrog.access.client.AccessClientHttpException: HTTP response status 404:Failed on executing /api/v1/system/ping, with response: Not Found
Previously we would get
2019-03-13 09:56:06,293 [art-init] [INFO ] (o.a.s.a.ArtifactoryAccessClientConfigStore:593) - Using Access Server URL: http://localhost:8040/access (bundled) source: detected
2019-03-13 09:56:06,787 [art-init] [INFO ] (o.a.s.a.AccessServiceImpl:353) - Waiting for access server...
2019-03-13 09:56:24,068 [art-init] [INFO ] (o.a.s.a.AccessServiceImpl:360) - Got response from Access server after 17280 ms, continuing.
Any suggestions on debugging whether this access server has started ?
Further to this I found logs showing when it worked it used to start a jar file
2019-03-08 09:19:11,609 [localhost-startStop-2] [INFO ] (o.j.a.AccessApplication:48) - Starting AccessApplication v4.1.48 on hostname.nexor.co.uk with PID 5913 (/opt/jfrog/artifactory/tomcat/webapps/access/WEB-INF/lib/access-application-4.1.48.jar started by artifactory in /)
Now when i look I find /opt/jfrog/artifactory/tomcat/webapps/access/ is empty so there is no jar file to run
The rpm did deliver an access.war file and that is there
$ ls -l /opt/jfrog/artifactory/webapps
total 104692
-rwxrwxr-x. 1 root root 51099759 Mar 14 12:14 access.war
-rwxrwxr-x. 1 root root 56099348 Mar 14 12:14 artifactory.war
Is there some manual step I can run to expand this war file to get the jar (as you can guess I am not up on my java apps)
Eventually got it working by deleting the empty /opt/jfrog/artifactory/tomcat/webapps/access directory and a new one containing the required jar files got created.
Not sure why this happened but that got it working for me
I had similar problem on CentOS 7, the solution was downgrade the newly updated java packages by running this command:
yum downgrade java-1.8.0*
After that restart the artifactory:
systemctl restart artifactory
Try changing the port number under your tomcat\conf\server.xml from 8081 to a different, unused port. Then, restart the Artifactory service to ensure the change takes effect.