[nexus-repository-manager] properties override results on permissions issues on nexus-data #68

Open
MohamedTalhaoui opened this issue Mar 19, 2021 · 4 comments

@MohamedTalhaoui

On the values file I enabled the properties override as follows:

properties:
  override: true
  data: 
    nexus.scripts.allowCreation: true

Then the install failed with the following error:

2021-03-19 11:11:31,229+0000 INFO  [jetty-main-1] *SYSTEM org.eclipse.jetty.server.session - node0 Stopped scavenging
2021-03-19 11:11:31,231+0000 ERROR [jetty-main-1] *SYSTEM org.sonatype.nexus.bootstrap.jetty.JettyServer - Failed to start
com.google.inject.ProvisionException: Unable to provision, see the following errors:

1) Error injecting constructor, java.lang.RuntimeException: java.nio.file.AccessDeniedException: /nexus-data/etc/logback
  at org.sonatype.nexus.internal.log.LogbackLoggerOverrides.<init>(LogbackLoggerOverrides.java:67)
  at / (via modules: org.sonatype.nexus.extender.modules.NexusBundleModule -> org.eclipse.sisu.space.SpaceModule)
  while locating org.sonatype.nexus.internal.log.LogbackLoggerOverrides
  while locating java.lang.Object annotated with *
  at org.eclipse.sisu.wire.LocatorWiring
  while locating org.sonatype.nexus.internal.log.LoggerOverrides
    for the 3rd parameter of org.sonatype.nexus.internal.log.LogbackLogManager.<init>(LogbackLogManager.java:86)
  at / (via modules: org.sonatype.nexus.extender.modules.NexusBundleModule -> org.eclipse.sisu.space.SpaceModule)
  while locating org.sonatype.nexus.internal.log.LogbackLogManager
  while locating java.lang.Object annotated with *

1 error
        at com.google.inject.internal.InternalProvisionException.toProvisionException(InternalProvisionException.java:226)
        at com.google.inject.internal.InjectorImpl$1.get(InjectorImpl.java:1097)
        at org.eclipse.sisu.inject.LazyBeanEntry.getValue(LazyBeanEntry.java:81)
        at org.sonatype.nexus.extender.NexusLifecycleManager.to(NexusLifecycleManager.java:111)
        at org.sonatype.nexus.extender.NexusContextListener.moveToPhase(NexusContextListener.java:321)
        at org.sonatype.nexus.extender.NexusContextListener.contextInitialized(NexusContextListener.java:181)
        at org.sonatype.nexus.bootstrap.osgi.ListenerTracker.addingService(ListenerTracker.java:47)
        at org.sonatype.nexus.bootstrap.osgi.ListenerTracker.addingService(ListenerTracker.java:1)
        at org.osgi.util.tracker.ServiceTracker$Tracked.customizerAdding(ServiceTracker.java:941)
        at org.osgi.util.tracker.ServiceTracker$Tracked.customizerAdding(ServiceTracker.java:870)
        at org.osgi.util.tracker.AbstractTracked.trackAdding(AbstractTracked.java:256)
        at org.osgi.util.tracker.AbstractTracked.trackInitial(AbstractTracked.java:183)
        at org.osgi.util.tracker.ServiceTracker.open(ServiceTracker.java:318)
        at org.osgi.util.tracker.ServiceTracker.open(ServiceTracker.java:261)
        at org.sonatype.nexus.bootstrap.osgi.BootstrapListener.contextInitialized(BootstrapListener.java:129)
        at org.eclipse.jetty.server.handler.ContextHandler.callContextInitialized(ContextHandler.java:1068)
        at org.eclipse.jetty.servlet.ServletContextHandler.callContextInitialized(ServletContextHandler.java:572)
        at org.eclipse.jetty.server.handler.ContextHandler.contextInitialized(ContextHandler.java:997)
        at org.eclipse.jetty.servlet.ServletHandler.initialize(ServletHandler.java:754)
        at org.eclipse.jetty.servlet.ServletContextHandler.startContext(ServletContextHandler.java:379)
        at org.eclipse.jetty.webapp.WebAppContext.startWebapp(WebAppContext.java:1457)
        at org.eclipse.jetty.webapp.WebAppContext.startContext(WebAppContext.java:1422)
        at org.eclipse.jetty.server.handler.ContextHandler.doStart(ContextHandler.java:911)
        at org.eclipse.jetty.servlet.ServletContextHandler.doStart(ServletContextHandler.java:288)
        at org.eclipse.jetty.webapp.WebAppContext.doStart(WebAppContext.java:524)
        at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72)
        at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169)
        at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:110)
        at org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:97)
        at com.codahale.metrics.jetty9.InstrumentedHandler.doStart(InstrumentedHandler.java:101)
        at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72)
        at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169)
        at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:117)
        at org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:97)
        at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72)
        at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169)
        at org.eclipse.jetty.server.Server.start(Server.java:423)
        at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:110)
        at org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:97)
        at org.eclipse.jetty.server.Server.doStart(Server.java:387)
        at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72)
        at org.sonatype.nexus.bootstrap.jetty.JettyServer$JettyMainThread.run(JettyServer.java:274)
Caused by: java.lang.RuntimeException: java.nio.file.AccessDeniedException: /nexus-data/etc/logback
        at org.sonatype.nexus.internal.app.ApplicationDirectoriesImpl.mkdir(ApplicationDirectoriesImpl.java:116)
        at org.sonatype.nexus.internal.app.ApplicationDirectoriesImpl.resolve(ApplicationDirectoriesImpl.java:134)
        at org.sonatype.nexus.internal.app.ApplicationDirectoriesImpl.getWorkDirectory(ApplicationDirectoriesImpl.java:95)
        at org.sonatype.nexus.internal.app.ApplicationDirectoriesImpl.getWorkDirectory(ApplicationDirectoriesImpl.java:100)
        at org.sonatype.nexus.internal.log.LogbackLoggerOverrides.<init>(LogbackLoggerOverrides.java:69)
        at org.sonatype.nexus.internal.log.LogbackLoggerOverrides$$FastClassByGuice$$d577229d.newInstance(<generated>)
        at com.google.inject.internal.DefaultConstructionProxyFactory$FastClassProxy.newInstance(DefaultConstructionProxyFactory.java:89)
        at com.google.inject.internal.ConstructorInjector.provision(ConstructorInjector.java:114)
        at com.google.inject.internal.ConstructorInjector.construct(ConstructorInjector.java:91)
        at com.google.inject.internal.ConstructorBindingImpl$Factory.get(ConstructorBindingImpl.java:306)
        at com.google.inject.internal.ProviderToInternalFactoryAdapter.get(ProviderToInternalFactoryAdapter.java:40)
        at com.google.inject.internal.SingletonScope$1.get(SingletonScope.java:168)
        at com.google.inject.internal.InternalFactoryToProviderAdapter.get(InternalFactoryToProviderAdapter.java:39)
        at com.google.inject.internal.FactoryProxy.get(FactoryProxy.java:62)
        at com.google.inject.internal.InjectorImpl$1.get(InjectorImpl.java:1094)
        at org.eclipse.sisu.inject.LazyBeanEntry.getValue(LazyBeanEntry.java:81)
        at org.eclipse.sisu.wire.BeanProviders.firstOf(BeanProviders.java:179)
        at org.eclipse.sisu.wire.BeanProviders$7.get(BeanProviders.java:160)
        at com.google.inject.internal.ProviderInternalFactory.provision(ProviderInternalFactory.java:85)
        at com.google.inject.internal.InternalFactoryToInitializableAdapter.provision(InternalFactoryToInitializableAdapter.java:57)
        at com.google.inject.internal.ProviderInternalFactory.circularGet(ProviderInternalFactory.java:59)
        at com.google.inject.internal.InternalFactoryToInitializableAdapter.get(InternalFactoryToInitializableAdapter.java:47)
        at com.google.inject.internal.SingleParameterInjector.inject(SingleParameterInjector.java:42)
        at com.google.inject.internal.SingleParameterInjector.getAll(SingleParameterInjector.java:65)
        at com.google.inject.internal.ConstructorInjector.provision(ConstructorInjector.java:113)
        at com.google.inject.internal.ConstructorInjector.construct(ConstructorInjector.java:91)
        at com.google.inject.internal.ConstructorBindingImpl$Factory.get(ConstructorBindingImpl.java:306)
        at com.google.inject.internal.ProviderToInternalFactoryAdapter.get(ProviderToInternalFactoryAdapter.java:40)
        at com.google.inject.internal.SingletonScope$1.get(SingletonScope.java:168)
        at com.google.inject.internal.InternalFactoryToProviderAdapter.get(InternalFactoryToProviderAdapter.java:39)
        at com.google.inject.internal.FactoryProxy.get(FactoryProxy.java:62)
        at com.google.inject.internal.InjectorImpl$1.get(InjectorImpl.java:1094)
        ... 40 common frames omitted
Caused by: java.nio.file.AccessDeniedException: /nexus-data/etc/logback
        at sun.nio.fs.UnixException.translateToIOException(UnixException.java:84)
        at sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:102)
        at sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:107)
        at sun.nio.fs.UnixFileSystemProvider.createDirectory(UnixFileSystemProvider.java:384)
        at java.nio.file.Files.createDirectory(Files.java:674)
        at java.nio.file.Files.createAndCheckIsDirectory(Files.java:781)
        at java.nio.file.Files.createDirectories(Files.java:767)
        at org.sonatype.nexus.common.io.DirectoryHelper.mkdir(DirectoryHelper.java:143)
        at org.sonatype.nexus.internal.app.ApplicationDirectoriesImpl.mkdir(ApplicationDirectoriesImpl.java:110)
        ... 71 common frames omitted

I also tried with the following init container to fix the permissions, but that does not help:

  deployment:
    initContainers:
    - name: fmp-volume-permission
      image: busybox
      imagePullPolicy: IfNotPresent
      command: ['chmod','-R', '777', '/nexus-data']
      volumeMounts:
        - name: nexus-repository-manager-data
          mountPath: /nexus-data

Kubernetes version:

Client Version: version.Info{Major:"1", Minor:"20", GitVersion:"v1.20.0", GitCommit:"af46c47ce925f4c4ad5cc8d1fca46c7b77d13b38", GitTreeState:"clean", BuildDate:"2020-12-08T17:59:43Z", GoVersion:"go1.15.5", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"16+", GitVersion:"v1.16.15-gke.7800", GitCommit:"cef3156c566a1d1a4b23ee360a760f45bfbaaac1", GitTreeState:"clean", BuildDate:"2020-12-14T09:12:37Z", GoVersion:"go1.13.15b4", Compiler:"gc", Platform:"linux/amd64"}
@debu99

debu99 commented May 16, 2021

I have the same issue.

@hWorblehat

The problem appears to be caused by the fact that the properties override mount point is a subpath inside the data mount point. Kubernetes has to create the /nexus-data/etc dir in order to mount the properties file - it creates it as root, which then causes it not to be writable by nexus when it starts. The following values worked around the issue for me:

nexus:
  # Add an fsGroup to ensure volumes are writable by the Nexus user
  securityContext:
    runAsUser: 200
    runAsGroup: 200
    fsGroup: 200
    fsGroupChangePolicy: "OnRootMismatch"

deployment:
  initContainers:
    # Make sure 'etc' dir exists inside 'nexus-data' with the right group owner,
    # before Kubernetes tries to mount to it as root
    - name: ensure-nexus-data-permissions
      image: busybox:1.33
      imagePullPolicy: Always
      command: ["mkdir", "-p", "/nexus-data/etc"]
      volumeMounts:
        - name: nexus-repository-manager-data
          mountPath: /nexus-data
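
The condition described in the comment above (a mount nested inside the data mount, so that its parent directory is created before Nexus runs) can be checked on a rendered pod spec. This is an added example, not part of the thread or the chart; the pod spec is constructed, and the properties volume name `nexus-properties` and its mount path are assumptions.

```python
import posixpath

def intermediate_dirs(parent, child):
    """Directories strictly below mount `parent` that must exist to mount `child`."""
    parent, child = posixpath.normpath(parent), posixpath.normpath(child)
    if parent == child or not child.startswith(parent.rstrip("/") + "/"):
        return []
    dirs, cur = [], posixpath.dirname(child)
    while cur != parent:
        dirs.append(cur)
        cur = posixpath.dirname(cur)
    return sorted(dirs)

def precreated(pod, volume, directory):
    """Heuristic: an init container mounting `volume` runs mkdir on `directory`
    (assumes it mounts the volume at the same path as the main container)."""
    for ic in pod.get("initContainers", []):
        words = ic.get("command", []) + ic.get("args", [])
        mounts_volume = any(m["name"] == volume for m in ic.get("volumeMounts", []))
        if mounts_volume and "mkdir" in words and directory in words:
            return True
    return False

def audit(pod):
    """List directories that only come into existence as a side effect of a nested mount."""
    findings = []
    for c in pod.get("containers", []):
        mounts = c.get("volumeMounts", [])
        for child in mounts:
            for parent in mounts:
                for d in intermediate_dirs(parent["mountPath"], child["mountPath"]):
                    if not precreated(pod, parent["name"], d):
                        findings.append((c["name"], child["mountPath"], d))
    return findings

# Constructed pod spec; the properties volume name and mount path are assumptions.
POD = {"containers": [{"name": "nexus", "volumeMounts": [
    {"name": "nexus-repository-manager-data", "mountPath": "/nexus-data"},
    {"name": "nexus-properties", "mountPath": "/nexus-data/etc/nexus.properties",
     "subPath": "nexus.properties"}]}]}
# Init container taken from the workaround in the comment above.
INIT = {"name": "ensure-nexus-data-permissions",
        "command": ["mkdir", "-p", "/nexus-data/etc"],
        "volumeMounts": [{"name": "nexus-repository-manager-data",
                          "mountPath": "/nexus-data"}]}

if __name__ == "__main__":
    print(audit(POD))                                # nested mount is reported
    print(audit({**POD, "initContainers": [INIT]}))  # directory is pre-created
```

A finding only says the directory is not created by the workload itself; whether the application can then write to it depends on the pod's `securityContext` and the volume's ownership.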

@ruckc
Contributor

ruckc commented Feb 10, 2022

Shouldn't this be part of the helm-chart instead of us having to add it?

@hWorblehat

Yes
