puppets-epic-show-theatre / puppet-nexus

Puppet module for Sonatype Nexus
MIT License

admin.password file gets created even if password for admin is specified in Hiera #71

Open yasser583 opened 2 weeks ago

yasser583 commented 2 weeks ago

When provisioning a server, "nexus::config::admin::password" is set in Hiera and Nexus uses it, so everything looks good. But even when the password has a value, the file /opt/sonatype/sonatype-work/nexus3/admin.password gets created, and the next time Puppet runs it throws an authentication error. As per the documentation, that random password should only be created if the admin password is not defined (to my understanding). I tried deleting the file, but it gets created every time Puppet runs; also, if I try to set it to absent I get a dependency cycle error.

Please help.

PiR-B commented 2 weeks ago

Hi @yasser583,

/opt/sonatype/sonatype-work/nexus3/admin.password is created by Nexus during the installation. It’s not part of this Puppet module. If you have defined nexus::config::admin::password properly, simply delete the file mentioned above, and you should be good to go.

Ref:

yasser583 commented 2 weeks ago

Hello @PiR-B, I mean, I delete the file, but every time Nexus is started (for example with systemctl start nexus), a new admin.password file gets created. I've deleted the file a lot of times, but it just comes back; I can't get rid of it.

Thanks again.

PiR-B commented 2 weeks ago

Hi @yasser583,

Can you please provide your nexus class definition?

As an example, I don't have any problem with this definition running on Debian 12 with puppet-agent 8.8.1:

Puppetfile:

mod 'puppet-archive', '7.1.0'
mod 'puppet-extlib', '7.0.0'
mod 'puppetlabs-device_manager', '4.1.0'
mod 'puppetlabs-java', '11.0.0'
mod 'puppetlabs-stdlib', '9.6.0'
mod 'pest-nexus', '4.1.0'

Manifest:

  java::adoptium { 'jdk17':
    ensure        => 'present',
    version_major => '17',
    version_minor => '0',
    version_patch => '12',
    version_build => '7',
  }
  -> class { 'nexus':
    version                    => '3.71.0-06',
    host                       => '0.0.0.0',
    download_site              => 'https://download.sonatype.com/nexus/3',
    purge_default_repositories => true,
    manage_datastore           => true,
  }

Hiera:

nexus::config::anonymous::enabled: true
nexus::manage_user: false
nexus::config::admin::first_name: Firstname
nexus::config::admin::last_name: Lastname
nexus::config::admin::password: >
  ENC[PKCS7,whatever]

After the Puppet run, did you manually finish the installation via the GUI?

Regards

yasser583 commented 2 weeks ago

Hello @PiR-B, this is what I have:

Puppetfile

mod 'puppetlabs-device_manager', '4.1.0'
mod 'puppet-extlib', '7.0.0'
mod 'pest-nexus', '4.1.0'

nexus.pp

class profile::nexus (
    ....
    $nexus_server_version = lookup('nexus_server_version', undef, undef, undef),
) {

  package { 'java-17-amazon-corretto':
    ensure => 'present',
  }

  class { 'nexus':
    version                    => $nexus_server_version,
    purge_default_repositories => true,
    manage_datastore           => true,
    require                    => [Package['java-17-amazon-corretto'], Class['nginx']],
  }
}

Hieradata (don't mind the syntax, since it gets converted to real Hiera):

"profile::nexus::nexus_server_version": "3.71.0-06",
"nexus::config::admin::username": "admin",
"nexus::config::admin::first_name": "admin",
"nexus::config::admin::last_name": "admin",
"nexus::config::admin::email_address": "admin@host.com",
"nexus::config::admin::password": "anypassword"

Regarding the GUI installation, I don't think Nexus asks for anything else after login.

PiR-B commented 2 weeks ago

Hi @yasser583,

It looks good. What is your OS & puppet-agent version? Can you please attach the output of sudo puppet agent -t?

Regards

yasser583 commented 2 weeks ago

Hello @PiR-B, here's the information:

OS: Amazon Linux 2
Puppet agent version: 7.21.0

Output of puppet agent -t:

Error: /Stage[main]/Nexus::Config::Admin/Nexus_user[admin]: Could not evaluate: authentication error
Notice: /Stage[main]/Nexus::Config::Anonymous/Nexus_setting[security/anonymous]: Dependency Nexus_user[admin] has failures: true
Warning: /Stage[main]/Nexus::Config::Anonymous/Nexus_setting[security/anonymous]: Skipping because of failed dependencies
Warning: /Stage[main]/Nexus::Config::Email/Nexus_setting[email]: Skipping because of failed dependencies
Warning: /Stage[main]/Nexus::Config::Default_repositories/Nexus_repository[maven-central]: Skipping because of failed dependencies
Warning: /Stage[main]/Nexus::Config::Default_repositories/Nexus_repository[maven-releases]: Skipping because of failed dependencies
Warning: /Stage[main]/Nexus::Config::Default_repositories/Nexus_repository[maven-public]: Skipping because of failed dependencies
Warning: /Stage[main]/Nexus::Config::Default_repositories/Nexus_repository[maven-snapshots]: Skipping because of failed dependencies
Warning: /Stage[main]/Nexus::Config::Default_repositories/Nexus_repository[nuget-group]: Skipping because of failed dependencies
Warning: /Stage[main]/Nexus::Config::Default_repositories/Nexus_repository[nuget-hosted]: Skipping because of failed dependencies
Warning: /Stage[main]/Nexus::Config::Default_repositories/Nexus_repository[nuget.org-proxy]: Skipping because of failed dependencies
Notice: Applied catalog in 15.73 seconds

Kind regards

PiR-B commented 2 weeks ago

Hi @yasser583,

This output is 100% normal if the /opt/sonatype/sonatype-work/nexus3/admin.password file exists. Otherwise, it's an issue. Can you please confirm that the file is present?

If it's present, remove the /opt/sonatype/sonatype-work/nexus3/admin.password file and post the output of sudo puppet agent -t.

Regards

yasser583 commented 2 weeks ago

Hello @PiR-B:

Running puppet agent -t after removing the admin.password file (Nexus service running):

Notice: Applied catalog in 16.54 seconds

So apparently it's all good. But if the Nexus service is stopped (file admin.password also not present):

Notice: /Stage[main]/Nexus::Service/Service[nexus]/ensure: ensure changed 'stopped' to 'running' (corrective)
Info: /Stage[main]/Nexus::Service/Service[nexus]: Unscheduling refresh on Service[nexus]
Error: /Stage[main]/Nexus::Config::Admin/Nexus_user[admin]: Could not evaluate: authentication error
Notice: /Stage[main]/Nexus::Config::Anonymous/Nexus_setting[security/anonymous]: Dependency Nexus_user[admin] has failures: true
Warning: /Stage[main]/Nexus::Config::Anonymous/Nexus_setting[security/anonymous]: Skipping because of failed dependencies
Warning: /Stage[main]/Nexus::Config::Email/Nexus_setting[email]: Skipping because of failed dependencies
Warning: /Stage[main]/Nexus::Config::Default_repositories/Nexus_repository[maven-central]: Skipping because of failed dependencies
Warning: /Stage[main]/Nexus::Config::Default_repositories/Nexus_repository[maven-releases]: Skipping because of failed dependencies
Warning: /Stage[main]/Nexus::Config::Default_repositories/Nexus_repository[maven-public]: Skipping because of failed dependencies
Warning: /Stage[main]/Nexus::Config::Default_repositories/Nexus_repository[maven-snapshots]: Skipping because of failed dependencies
Warning: /Stage[main]/Nexus::Config::Default_repositories/Nexus_repository[nuget-group]: Skipping because of failed dependencies
Warning: /Stage[main]/Nexus::Config::Default_repositories/Nexus_repository[nuget-hosted]: Skipping because of failed dependencies
Warning: /Stage[main]/Nexus::Config::Default_repositories/Nexus_repository[nuget.org-proxy]: Skipping because of failed dependencies
Info: Class[Nexus]: Unscheduling all events on Class[Nexus]
Info: Stage[main]: Unscheduling all events on Stage[main]
Notice: Applied catalog in 65.35 seconds

And of course, admin.password is back:

total 44
-rw-r--r--   1 nexus nexus    36 Aug 28 11:47 admin.password
drwxr-xr-x   3 nexus nexus    21 Jul 17 09:44 blobs
drwxr-xr-x 347 nexus nexus 12288 Aug 28 11:47 cache
drwxr-xr-x   7 nexus nexus   149 Aug 20 08:55 db
drwxr-xr-x   3 nexus nexus    36 Jul 17 21:07 elasticsearch

PiR-B commented 2 weeks ago

Hi @yasser583,

OK, I can reproduce your problem :)

pba@p1nexus1b:~$ ls -al /opt/sonatype/sonatype-work/nexus3/admin.password
ls: cannot access '/opt/sonatype/sonatype-work/nexus3/admin.password': No such file or directory
pba@p1nexus1b:~$ sudo service nexus restart
pba@p1nexus1b:~$ ls -al /opt/sonatype/sonatype-work/nexus3/admin.password
-rw-r--r-- 1 nexus nexus 36 Aug 28 20:57 /opt/sonatype/sonatype-work/nexus3/admin.password
pba@p1nexus1b:~$ sudo puppet agent -t
Info: Refreshing CA certificate
Info: CA certificate is unmodified, using existing CA certificate
Info: Refreshing CRL
Info: CRL is unmodified, using existing CRL
Info: Using environment 'production'
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Loading facts
Notice: Requesting catalog from puppet:8140 (10.0.1.20)
Notice: Catalog compiled by p1puppet1a.dc.local
Info: Caching catalog for p1nexus1b.dc.local
Info: Applying configuration version 'p1puppet1a-production-ab8e09f v1'
Error: /Stage[main]/Nexus::Config::Admin/Nexus_user[admin]: Could not evaluate: authentication error
[...]

@TuningYourCode, can you please change the behaviour of the build_options method? I don't know Ruby, and I don't want to break anything.

I believe something like this would be better. But how would you handle the first Puppet run, since we need the content of the tmp_pw_file variable?

# Explicitly configured credentials should win; the generated file is only a fallback.
if @connection_info[:username].present? && @connection_info[:password].present?
  username = @connection_info[:username]
  password = @connection_info[:password].unwrap
elsif File.exist?(@connection_info[:tmp_pw_file])
  username = 'admin'
  password = File.read(@connection_info[:tmp_pw_file])
else
  # Throw an error: neither configured credentials nor the generated file are available
  raise Puppet::Error, 'no admin credentials available'
end

If the username and the password are defined, in my opinion, that condition should be evaluated first, but only if it's not the first Puppet run. As mentioned by @yasser583, if we restart the Nexus service, we notice that /opt/sonatype/sonatype-work/nexus3/admin.password is regenerated, and currently this generated file has higher precedence, which is not intended if we defined nexus::config::admin::password.

@yasser583 please wait for @TuningYourCode response and don't restart the service or just manually delete the generated file for now (:

Regards

Edit: It looks like it's a regression. See https://github.com/sonatype/nexus-public/issues/458
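The precedence change sketched in the comment above, worked out as an added example (hypothetical helper code, not the module's own build_options): configured credentials are tried first and the regenerated admin.password file is only a fallback, which also answers the first-run question, because on the first run only the generated password is accepted and the fallback is reached. The `pick_working_credential` block stands in for the Nexus login check; the password file content is constructed.

```ruby
require 'tmpdir'

# Hypothetical helper, not the module's build_options: returns candidate
# credentials in precedence order. An explicit nexus::config::admin::password
# always comes first; the admin.password file that Nexus regenerates on restart
# is only a fallback, which also covers the first run where the managed
# password has not been applied yet.
def credential_candidates(info)
  candidates = []
  user = info[:username]
  pass = info[:password]
  pass = pass.unwrap if pass.respond_to?(:unwrap)   # Puppet Sensitive values
  if user && !user.empty? && pass && !pass.empty?
    candidates << { username: user, password: pass, source: :configured }
  end
  file = info[:tmp_pw_file]
  if file && File.exist?(file)
    candidates << { username: 'admin', password: File.read(file).strip,
                    source: :admin_password_file }
  end
  raise ArgumentError, 'no admin credentials available' if candidates.empty?
  candidates
end

# Tries each candidate with the supplied login check (a block returning
# true/false) and returns the first that is accepted.
def pick_working_credential(info)
  credential_candidates(info).each do |cred|
    return cred if yield(cred)
  end
  raise 'authentication error: neither configured password nor admin.password accepted'
end

# Constructed scenario: a fake Nexus that accepts exactly one password, with a
# regenerated admin.password file present in a temporary sonatype-work dir.
def scenario(accepted_password, configured_password)
  Dir.mktmpdir do |dir|
    pw_file = File.join(dir, 'admin.password')
    File.write(pw_file, 'generated-random-password')   # constructed sample value
    info = { username: 'admin', password: configured_password, tmp_pw_file: pw_file }
    pick_working_credential(info) { |c| c[:password] == accepted_password }[:source]
  end
end

if __FILE__ == $PROGRAM_NAME
  # Steady state after a restart: file regenerated, configured password still valid.
  p scenario('anypassword', 'anypassword')                  # => :configured
  # First run: Nexus only knows the generated password so far.
  p scenario('generated-random-password', 'anypassword')    # => :admin_password_file
end
```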

TuningYourCode commented 1 week ago

Looks like a regression; Nexus shouldn't create that file if the admin user was set up. Not much we can do here for now without breaking other versions.

Let's see how upstream behaves, whether they fix this issue soon or whether this will be the new behaviour for which we have to find some workaround.