search

sonatype-nexus-community / nexus-repository-installer

Installer for Nexus Repository Manager 3
Apache License 2.0
32 stars 11 forks source link

Builds are broken due to usage of EOL CentOS #37

Open brandan-schmitz opened 1 month ago

brandan-schmitz commented 1 month ago

It seems that the last few builds have failed in the CircleCI pipelines when trying to build this. It seems the fact that CentOS is EOL and that the http://mirrorlist.centos.org that is used in the current CentOS docker image to install expect is no longer online has broken builds of this.

make -f Makefile docker
make[1]: Entering directory '/home/vpn/nexus-repository-installer'
docker inspect nexus-repository-manager-rpm-7-data >/dev/null 2>&1 && \
    docker rm nexus-repository-manager-rpm-7-data || \
    true
docker build -f rpm/Dockerfile --tag nexus-repository-manager-rpm:7 .
[+] Building 71.6s (6/10)                                                                                                                                                                                                                                                          docker:default
 => [internal] load build definition from Dockerfile                                                                                                                                                                                                                                         0.0s
 => => transferring dockerfile: 365B                                                                                                                                                                                                                                                         0.0s
 => [internal] load metadata for docker.io/jswank/centos-rpm:7                                                                                                                                                                                                                               0.9s
 => [internal] load .dockerignore                                                                                                                                                                                                                                                            0.0s
 => => transferring context: 2B                                                                                                                                                                                                                                                              0.0s
 => [1/6] FROM docker.io/jswank/centos-rpm:7@sha256:fa9bdc1296f57eed10f9616dcd762f192128a1cf08fa9e967430ea28260edfb9                                                                                                                                                                        13.8s
 => => resolve docker.io/jswank/centos-rpm:7@sha256:fa9bdc1296f57eed10f9616dcd762f192128a1cf08fa9e967430ea28260edfb9                                                                                                                                                                         0.0s
 => => sha256:fa9bdc1296f57eed10f9616dcd762f192128a1cf08fa9e967430ea28260edfb9 954B / 954B                                                                                                                                                                                                   0.0s
 => => sha256:695b6c8acc3e430af051f81b1fe06323c0b453dedb6924ee03b1bc29251e83e2 3.07kB / 3.07kB                                                                                                                                                                                               0.0s
 => => sha256:469cfcc7a4b3947a4fa549c68cf4f8570be53779725f0c19f3d33d1520b08db0 73.17MB / 73.17MB                                                                                                                                                                                             1.2s
 => => sha256:71914914eeabe32dbb79efc866aa5423e6be98a0373294ef3fe4630180fd994d 125.37MB / 125.37MB                                                                                                                                                                                           4.4s
 => => sha256:98376077fb8ef3808dee604ff4bdbfc52abb9518098770e266a1ed207964067f 10.68MB / 10.68MB                                                                                                                                                                                             1.2s
 => => extracting sha256:469cfcc7a4b3947a4fa549c68cf4f8570be53779725f0c19f3d33d1520b08db0                                                                                                                                                                                                    3.8s
 => => extracting sha256:71914914eeabe32dbb79efc866aa5423e6be98a0373294ef3fe4630180fd994d                                                                                                                                                                                                    7.4s
 => => extracting sha256:98376077fb8ef3808dee604ff4bdbfc52abb9518098770e266a1ed207964067f                                                                                                                                                                                                    0.4s
 => [internal] load build context                                                                                                                                                                                                                                                            0.0s
 => => transferring context: 253.84kB                                                                                                                                                                                                                                                        0.0s
 => ERROR [2/6] RUN yum -y install expect                                                                                                                                                                                                                                                   56.7s
------                                                                                                                                                                                                                                                                                            
 > [2/6] RUN yum -y install expect:                                                                                                                                                                                                                                                               
0.410 Loaded plugins: fastestmirror, ovl                                                                                                                                                                                                                                                          
56.65                                                                                                                                                                                                                                                                                             
56.65                                                                                                                                                                                                                                                                                             
56.65  One of the configured repositories failed (Unknown),                                                                                                                                                                                                                                       
56.65  and yum doesn't have enough cached data to continue. At this point the only
56.65  safe thing yum can do is fail. There are a few ways to work "fix" this:
56.65 
56.65      1. Contact the upstream for the repository and get them to fix the problem.
56.65 
56.65      2. Reconfigure the baseurl/etc. for the repository, to point to a working
56.65         upstream. This is most often useful if you are using a newer
56.65         distribution release than is supported by the repository (and the
56.65         packages for the previous distribution release still work).
56.65 
56.65      3. Run the command with the repository temporarily disabled
56.65             yum --disablerepo=<repoid> ...
56.65 
56.65      4. Disable the repository permanently, so yum won't use it by default. Yum
56.65         will then just ignore the repository until you permanently enable it
56.65         again or use --enablerepo for temporary usage:
56.65 
56.65             yum-config-manager --disable <repoid>
56.65         or
56.65             subscription-manager repos --disable=<repoid>
56.65 
56.65      5. Configure the failing repository to be skipped, if it is unavailable.
56.65         Note that yum will try to contact the repo. when it runs most commands,
56.65         so will have to try and fail each time (and thus. yum will be be much
56.65         slower). If it is a very temporary problem though, this is often a nice
56.65         compromise:
56.65 
56.65             yum-config-manager --save --setopt=<repoid>.skip_if_unavailable=true
56.65 
56.65 Cannot find a valid baseurl for repo: base/7/x86_64
56.65 Could not retrieve mirrorlist http://mirrorlist.centos.org/?release=7&arch=x86_64&repo=os&infra=container error was
56.65 12: Timeout on http://mirrorlist.centos.org/?release=7&arch=x86_64&repo=os&infra=container: (28, 'Resolving timed out after 30543 milliseconds')
------
Dockerfile:4
--------------------
   2 |     MAINTAINER Jason Swank <jswank@sonatype.com>
   3 |     
   4 | >>> RUN yum -y install expect
   5 |     
   6 |     # force sha256 signature of rpm, instead of old default of sha1 used by CentOS7
--------------------
ERROR: failed to solve: process "/bin/sh -c yum -y install expect" did not complete successfully: exit code: 1
make[1]: *** [Makefile:136: docker] Error 1
make[1]: Leaving directory '/home/vpn/nexus-repository-installer'
make: *** [Makefile:132: docker-all] Error 2
brandan-schmitz commented 1 month ago

After some digging (I really wanted an installer haha) I was able to determine that if you add the following lines to the rpm/Dockerfile before it runs the command to install expect, then it fixes the build.

RUN sed -i s/mirror.centos.org/vault.centos.org/g /etc/yum.repos.d/*.repo
RUN sed -i s/^#.*baseurl=http/baseurl=http/g /etc/yum.repos.d/*.repo
RUN sed -i s/^mirrorlist=http/#mirrorlist=http/g /etc/yum.repos.d/*.repo
RUN sed -i 's|http://download.fedoraproject.org/pub/epel/6/|https://archives.fedoraproject.org/pub/archive/epel/6/|g' /etc/yum.repos.d/*.repo
RUN sed -i 's|http://download.fedoraproject.org/pub/epel/testing/6/|https://archives.fedoraproject.org/pub/archive/epel/testing/6/|g' /etc/yum.repos.d/*.repo

This will make a Dockerfile that looks like this:

FROM       jswank/centos-rpm:7
MAINTAINER Jason Swank <jswank@sonatype.com>

RUN sed -i s/mirror.centos.org/vault.centos.org/g /etc/yum.repos.d/*.repo
RUN sed -i s/^#.*baseurl=http/baseurl=http/g /etc/yum.repos.d/*.repo
RUN sed -i s/^mirrorlist=http/#mirrorlist=http/g /etc/yum.repos.d/*.repo
RUN sed -i 's|http://download.fedoraproject.org/pub/epel/6/|https://archives.fedoraproject.org/pub/archive/epel/6/|g' /etc/yum.repos.d/*.repo
RUN sed -i 's|http://download.fedoraproject.org/pub/epel/testing/6/|https://archives.fedoraproject.org/pub/archive/epel/testing/6/|g' /etc/yum.repos.d/*.repo
RUN yum -y install expect

# force sha256 signature of rpm, instead of old default of sha1 used by CentOS7
RUN echo '%_gpg_digest_algo sha256' >> /usr/lib/rpm/macros

COPY ./ /data
RUN chown -R nobody /data/*
VOLUME /data

USER nobody
WORKDIR /data

This build process should still likely be updated to no longer use CentOS if possible.

bhamail commented 1 month ago

@brandan-schmitz Thanks for digging into this! I agree the best path forward would be to no longer use CentOS, but I like the idea of getting the build working again in the short term.

I'd like to move forward with your fix, but I have a question: The last couple sed lines that alter "epel" urls don't appear to apply in this case because the original urls do not have version "6" in them (they all have version "7"). This makes me think maybe those last two sed lines are not needed? (or should exclude the version number?)

brandan-schmitz commented 1 month ago

The last couple sed lines that alter "epel" urls don't appear to apply in this case because the original urls do not have version "6" in them (they all have version "7"). This makes me think maybe those last two sed lines are not needed? (or should exclude the version number?)

@bhamail you are correct that those are not needed. I missed that I still included those in my above comment. I had tested using the jswank/centos-rpm:latest image at one point and had to use those but forgot to remove them when I went back to the jswank/centos-rpm:7 image after realizing that one was actually more updated.

bhamail commented 1 month ago

@bhamail you are correct that those are not needed. I missed that I still included those in my above comment. I had tested using the jswank/centos-rpm:latest image at one point and had to use those but forgot to remove them when I went back to the jswank/centos-rpm:7 image after realizing that one was actually more updated.

Excellent! Do you want to create a PR?

brandan-schmitz commented 1 month ago

I can, however it would be a few days before I am back at my actual computer I can do that with as I left for a trip today! I have no problem is someone else does in my place to get it fixed sooner.