Uploaded image for project: 'Artifactory Binary Repository'
  1. Artifactory Binary Repository
  2. RTFACT-14530

Adding a new node to an HA instance upgraded to 5.4.x fails

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: 5.4.0, 5.4.1, 5.4.3, 5.4.4
    • Fix Version/s: 5.4.4
    • Component/s: HA
    • Labels:
      None

      Description

      Adding a new node to an HA instance upgraded to 5.4.x (from a pre 5.4 version) fails.

      To reproduce:

      1. Setup an Art HA (5.2.1) with two nodes
      2. Upgrade them to 5.4.0
      3. Add a new third node (5.4.0) with the bootstrap bundle (or re-add the secondary by removing the access/security/db.properties/etc and using the bootstrap bundle)
      4. Observe the failure of the new node to generate a token due to a mismatch in the service_id
      The bundle can be generated before or after the upgrade

      Workaround:

      Change the $ARTIFACTORY_HOME/etc/security/access/keys/service_id file of the node that failed to be added to match the contents of the working nodes' service_id.

      Error in artifactory.log

      2017-07-05 21:12:26,459 [art-init] [ERROR] (o.a.s.a.AccessServiceImpl:322) - Failed to create token for subject ‘jfrt@028306c9-e091-41cf-b0f3-2434b00ccdad/nodes/sf-dev-app-04’: HTTP response status 403:{
        “errors” : [ {
          “code” : “FORBIDDEN”,
          “message” : “Principal jf-artifactory@028306c9-e091-41cf-b0f3-2434b00ccdad is not permitted to create tokens for audience ‘[jfrt@028306c9-e091-41cf-b0f3-2434b00ccdad]‘”
        } ]
      }
      2017-07-05 21:12:26,467 [art-init] [ERROR] (o.a.w.s.ArtifactoryContextConfigListener:97) - Application could not be initialized: HTTP response status 403:{
        “errors” : [ {
          “code” : “FORBIDDEN”,
          “message” : “Principal jf-artifactory@028306c9-e091-41cf-b0f3-2434b00ccdad is not permitted to create tokens for audience ‘[jfrt@028306c9-e091-41cf-b0f3-2434b00ccdad]‘”
        } ]
      }
      java.lang.reflect.InvocationTargetException: null
          at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) ~[na:1.8.0_121]
          at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62) ~[na:1.8.0_121]
          at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) ~[na:1.8.0_121]
          at java.lang.reflect.Constructor.newInstance(Constructor.java:423) ~[na:1.8.0_121]
          at org.artifactory.webapp.servlet.ArtifactoryContextConfigListener.configure(ArtifactoryContextConfigListener.java:222) ~[artifactory-web-application-5.4.0.jar:na]
          at org.artifactory.webapp.servlet.ArtifactoryContextConfigListener.access$2(ArtifactoryContextConfigListener.java:184) ~[artifactory-web-application-5.4.0.jar:na]
          at org.artifactory.webapp.servlet.ArtifactoryContextConfigListener$1.run(ArtifactoryContextConfigListener.java:93) ~[artifactory-web-application-5.4.0.jar:na]
      Caused by: org.springframework.beans.factory.BeanInitializationException: Failed to initialize bean ‘org.artifactory.addon.ha.propagate.HaPropagationService’.; nested exception is java.lang.RuntimeException: Failed to create token for subject ‘jfrt@028306c9-e091-41cf-b0f3-2434b00ccdad/nodes/sf-dev-app-04’.
          at org.artifactory.spring.ArtifactoryApplicationContext.refresh(ArtifactoryApplicationContext.java:230) ~[artifactory-core-5.4.0.jar:na]
          at org.artifactory.spring.ArtifactoryApplicationContext.<init>(ArtifactoryApplicationContext.java:114) ~[artifactory-core-5.4.0.jar:na]
          ... 7 common frames omitted
      Caused by: java.lang.RuntimeException: Failed to create token for subject ‘jfrt@028306c9-e091-41cf-b0f3-2434b00ccdad/nodes/sf-dev-app-04’.
          at org.artifactory.security.access.AccessServiceImpl.createToken(AccessServiceImpl.java:324) ~[artifactory-core-5.4.0.jar:na]
          at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.8.0_121]
          at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[na:1.8.0_121]
          at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.8.0_121]
          at java.lang.reflect.Method.invoke(Method.java:498) ~[na:1.8.0_121]
          at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:317) ~[spring-aop-4.1.5.RELEASE.jar:4.1.5.RELEASE]
          at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:201) ~[spring-aop-4.1.5.RELEASE.jar:4.1.5.RELEASE]
          at com.sun.proxy.$Proxy157.createToken(Unknown Source) ~[na:na]
          at org.artifactory.addon.ha.propagate.HaPropagationServiceImpl.createAndSaveCommunicationToken(HaPropagationServiceImpl.java:162) ~[artifactory-addon-ha-5.4.0.jar:na]
          at org.artifactory.addon.ha.propagate.HaPropagationServiceImpl.initCommunicationToken(HaPropagationServiceImpl.java:110) ~[artifactory-addon-ha-5.4.0.jar:na]
          at org.artifactory.addon.ha.propagate.HaPropagationServiceImpl.init(HaPropagationServiceImpl.java:95) ~[artifactory-addon-ha-5.4.0.jar:na]
          at sun.reflect.GeneratedMethodAccessor90.invoke(Unknown Source) ~[na:na]
          at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.8.0_121]
          at java.lang.reflect.Method.invoke(Method.java:498) ~[na:1.8.0_121]
          at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:317) ~[spring-aop-4.1.5.RELEASE.jar:4.1.5.RELEASE]
          at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:190) ~[spring-aop-4.1.5.RELEASE.jar:4.1.5.RELEASE]
          at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157) ~[spring-aop-4.1.5.RELEASE.jar:4.1.5.RELEASE]
          at org.springframework.transaction.interceptor.TransactionInterceptor$1.proceedWithInvocation(TransactionInterceptor.java:99) ~[spring-tx-4.1.5.RELEASE.jar:4.1.5.RELEASE]
          at org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:281) ~[spring-tx-4.1.5.RELEASE.jar:4.1.5.RELEASE]
          at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:96) ~[spring-tx-4.1.5.RELEASE.jar:4.1.5.RELEASE]
          at org.artifactory.storage.fs.lock.aop.LockingAdvice.invoke(LockingAdvice.java:76) ~[artifactory-storage-common-5.4.0.jar:na]
          at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179) ~[spring-aop-4.1.5.RELEASE.jar:4.1.5.RELEASE]
          at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:207) ~[spring-aop-4.1.5.RELEASE.jar:4.1.5.RELEASE]
          at com.sun.proxy.$Proxy212.init(Unknown Source) ~[na:na]
          at org.artifactory.spring.ArtifactoryApplicationContext.refresh(ArtifactoryApplicationContext.java:228) ~[artifactory-core-5.4.0.jar:na]
          ... 8 common frames omitted
      Caused by: org.jfrog.access.client.AccessClientHttpException: HTTP response status 403:{
        “errors” : [ {
          “code” : “FORBIDDEN”,
          “message” : “Principal jf-artifactory@028306c9-e091-41cf-b0f3-2434b00ccdad is not permitted to create tokens for audience ‘[jfrt@028306c9-e091-41cf-b0f3-2434b00ccdad]‘”
        } ]
      }
          at org.jfrog.access.client.http.AccessHttpClient.createRestResponse(AccessHttpClient.java:312) ~[access-client-core-2.0.0.jar:na]
          at org.jfrog.access.client.http.AccessHttpClient.restCall(AccessHttpClient.java:299) ~[access-client-core-2.0.0.jar:na]
          at org.jfrog.access.client.http.AccessHttpClient.createToken(AccessHttpClient.java:133) ~[access-client-core-2.0.0.jar:na]
          at org.jfrog.access.client.token.TokenClientImpl.create(TokenClientImpl.java:36) ~[access-client-core-2.0.0.jar:na]
          at org.artifactory.security.access.AccessServiceImpl.createToken(AccessServiceImpl.java:319) ~[artifactory-core-5.4.0.jar:na]
          ... 32 common frames omitted
      2017-07-05 21:12:29,618 [http-nio-8081-exec-5] [ERROR] (o.a.w.s.ArtifactoryFilter:188) - Artifactory failed to initialize: Context is null
      

        Attachments

          Activity

            People

            • Assignee:
              yinona Yinon Avraham
              Reporter:
              arturoa Arturo Aparicio
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: