Friday, December 14, 2018

Cleaning up old releases in Nexus 2 and 3

In Nexus 2 there is a task, "remove releases from repository", whose scope you can refine further by specifying a "repository target" (a filter). The problem is that the only option you have is the number of most recent versions to retain. There is no way to specify "delete all versions older than 2 years, but in any case keep the last 10".

I have written this Spring Boot utility, https://github.com/vernetto/nexusclean, to generate curl commands that delete artifacts based on multiple selection criteria. But it doesn't handle parent POMs, which is a limitation.

Also, be aware that each curl command that deletes a component, such as

curl -u admin:admin123 -X "DELETE" -w "%{http_code}" http://localhost:8281/nexus/service/local/repositories/central/content/org/codehaus/plexus/plexus-classworlds/1.2-alpha-7

rebuilds the index every time it runs, which is very CPU-intensive. There is no way to batch multiple deletes in a single transaction.


In Nexus 3

https://github.com/xninjaxelitex/nexus3-cleanup-release-artifact





Monday, December 10, 2018

Docker broken after upgrade

sudo systemctl start docker
Job for docker.service failed because the control process exited with error code. See "systemctl status docker.service" and "journalctl -xe" for details.


sudo journalctl -xe


Error starting daemon: error initializing graphdriver: /var/lib/docker contains several valid graphdrivers: devicemapper, overlay2; Please cleanup or explicit

sudo vi /etc/docker/daemon.json

Append this at the end of the file, just before the closing curly brace:

,"storage-driver": "devicemapper"



sudo systemctl reset-failed docker.service
sudo systemctl start docker.service




Thursday, November 29, 2018

Nexus repo validates Docker images on production.cloudflare.docker.com

In the Nexus logs I find a lot of calls to production.cloudflare.docker.com:



2018-11-05 14:13:43,416+0100 DEBUG [qtp72695066-56] ADV org.sonatype.nexus.httpclient.outbound - https://production.cloudflare.docker.com/registry-v2/docker/registry/v2/blobs/sha256/4f/4fe2ade4980c2dda4fc95858ebb981489baec8c1e4bd282ab1c3560be8ff9bde/data?verify=1541426623-n%2BHbbRXN3Rr4k6Bxofrsv6tRVFw%3D > GET /registry-v2/docker/registry/v2/blobs/sha256/4f/4fe2ade4980c2dda4fc95858ebb981489baec8c1e4bd282ab1c3560be8ff9bde/data?verify=1541426623-n%2BHbbRXN3Rr4k6Bxofrsv6tRVFw%3D HTTP/1.1
2018-11-05 14:13:43,416+0100 DEBUG [qtp72695066-56] ADV org.sonatype.nexus.internal.httpclient.SharedHttpClientConnectionManager - Connection request: [route: {tls}->http://ourproxy:8080->https://production.cloudflare.docker.com:443][total kept alive: 1; route allocated: 0 of 20; total allocated: 3 of 200]
2018-11-05 14:13:43,417+0100 DEBUG [qtp72695066-56] ADV org.sonatype.nexus.internal.httpclient.SharedHttpClientConnectionManager - Connection leased: [id: 18][route: {tls}->http://ourproxy:8080->https://production.cloudflare.docker.com:443][total kept alive: 1; route allocated: 1 of 20; total allocated: 4 of 200]
2018-11-05 14:13:43,475+0100 DEBUG [qtp72695066-4467] ADV org.sonatype.nexus.httpclient.outbound - https://auth.docker.io/token?service=registry.docker.io&scope=repository:library/alpine:pull < HTTP/1.1 200 OK @ 129.8 ms
2018-11-05 14:13:43,475+0100 DEBUG [qtp72695066-4467] ADV org.sonatype.nexus.repository.docker.internal.DockerProxyFacetImpl - Response: HttpResponseProxy{HTTP/1.1 200 OK [Content-Type: application/json, Date: Mon, 05 Nov 2018 13:13:43 GMT, Transfer-Encoding: chunked, Strict-Transport-Security: max-age=31536000, Connection: Keep-Alive] ResponseEntityProxy{[Content-Type: application/json,Chunked: true]}}


We access the internet via a proxy server, ourproxy, which doesn't whitelist production.cloudflare.docker.com.

Each of these calls creates a file in $NEXUS_DATA/tmp/docker-content-validation-failures containing an "access denied" message from ourproxy.

Here https://forums.docker.com/t/corporate-firewall-remote-error-tls-handshake-failure/52965 they say we should also whitelist production.cloudflare.docker.com

I have no idea if the "docker pull" will fail, or if this "validation" can be disabled...




See also https://support.sonatype.com/hc/en-us/articles/115015442847-Whitelisting-Docker-Hub-Hosts-for-Firewalls-and-HTTP-Proxy-Servers
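
An added example (not from the original post and not Nexus code): a small Python script that reads outbound-logger lines in the format shown above and lists the destination hosts that are missing from the proxy allowlist, which is how the gap for production.cloudflare.docker.com becomes visible. The allowlist contents, the function names and the sample log lines are constructed for illustration.

```python
import re
from collections import Counter, defaultdict
from urllib.parse import urlsplit

# Request ('>') and response ('<') lines of the outbound HTTP client logger.
OUTBOUND = re.compile(
    r"org\.sonatype\.nexus\.httpclient\.outbound - (?P<url>\S+) (?P<dir>[<>]) (?P<rest>.*)")
STATUS = re.compile(r"HTTP/\d\.\d (\d{3})")

# Assumption: the hosts the corporate proxy currently lets through.
PROXY_ALLOWLIST = {"auth.docker.io"}

# Constructed sample lines in the format of the excerpt above (paths shortened).
PFX = "2018-11-05 14:13:43,416+0100 DEBUG [qtp72695066-56] ADV org.sonatype.nexus.httpclient.outbound - "
SAMPLE_LOG = "\n".join([
    PFX + "https://production.cloudflare.docker.com/registry-v2/blobs/sha256/aa/data > GET /registry-v2/blobs/sha256/aa/data HTTP/1.1",
    PFX + "https://production.cloudflare.docker.com/registry-v2/blobs/sha256/bb/data > GET /registry-v2/blobs/sha256/bb/data HTTP/1.1",
    PFX + "https://auth.docker.io/token?service=registry.docker.io > GET /token?service=registry.docker.io HTTP/1.1",
    PFX + "https://auth.docker.io/token?service=registry.docker.io < HTTP/1.1 200 OK @ 129.8 ms",
    "2018-11-05 14:13:43,417+0100 DEBUG [qtp72695066-56] ADV org.sonatype.nexus.internal.httpclient.SharedHttpClientConnectionManager - Connection leased: [id: 18]",
])

def summarize(log_text):
    """Per destination host: number of requests sent and response status counts."""
    summary = defaultdict(lambda: {"requests": 0, "statuses": Counter()})
    for line in log_text.splitlines():
        m = OUTBOUND.search(line)
        if not m:
            continue  # other loggers (connection manager, facets) are ignored
        host = urlsplit(m["url"]).hostname  # lower-cased, port and path stripped
        if m["dir"] == ">":
            summary[host]["requests"] += 1
        else:
            s = STATUS.match(m["rest"])
            if s:
                summary[host]["statuses"][int(s[1])] += 1
    return dict(summary)

def not_allowlisted(log_text, allowlist):
    """Return {host: request_count} for destinations the proxy does not permit."""
    return {h: v["requests"] for h, v in summarize(log_text).items()
            if h not in allowlist}

if __name__ == "__main__":
    for host, count in sorted(not_allowlisted(SAMPLE_LOG, PROXY_ALLOWLIST).items()):
        print(f"{host}\t{count} request(s), host not on proxy allowlist")
```

Run against the real nexus.log text with the proxy's actual allowlist to get the complete set of hosts to request from the proxy team.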