Release Automation

 View Only
Expand all | Collapse all

Migration from internal Nexus to external Artifactory

  • 1.  Migration from internal Nexus to external Artifactory

    Posted Mar 22, 2017 05:50 AM

    I'm migrating the repository. For that i'm following instructions in "CA-Release-Automation-Artifactory-HA-Best-PracticesV2.5" but something goes wrong with the keystore:

     

    In the agent logs:

    017-03-21 17:35:48,644 [WrapperSimpleAppMain] ERROR (com.nolio.platform.agent.DeployerLifecycle:506) - failed to start agent

    java.lang.Error: Failed to create SSL contexts:Keystore was tampered with, or password was incorrect

     

    I'm sure password is correct.

     

    This is what I did:

    After stopping RA, under /opt/ReleaseAutomationServer/conf substituted nolio-repo.properties with

     

    # If you intend to use encrypted repository password, Please use the encrypt_password.bat/sh utility to encrypt the password.
    type=artifactory
    scheme=https
    hostname=ArtifIP
    port=443
    repositoryPath=/artifactory/nolio
    actionRepositoryPath=/artifactory/nolio-actions
    manifestRepositoryPath=/artifactory/nolio-manifests
    username=myUser
    password=myPassword
    passwordEncrypted=false
    deleteAnonymousUser=false

     

    Then I created the new nolio.jks using myCert.crt, created from Artifactory as follow:

     

    jre/bin/keytool -import -file conf/myCert.crt -alias balanced_load -keystore ./nolio.jks

     

    When asked for a password I've used again myPassword.

     

    When trying to start the RA it doesn't work. Trying with the agent (putting nolio.jks in its conf folder) I 've got the above error.

     

     

    Any suggestions?



  • 2.  Re: Migration from internal Nexus to external Artifactory

    Posted Mar 22, 2017 08:06 AM

    Hi Marco

    You said this error is happen when you tried to start RA agent so I want to ask if you create new nolio.jks or use the default one that came with RA installation?

    If you use the default one - did you use the default nolio.jks password?

    Thanks

    Jacky 



  • 3.  Re: Migration from internal Nexus to external Artifactory

    Posted Mar 22, 2017 09:10 AM

    I created a new nolio.jks with the keytool.



  • 4.  Re: Migration from internal Nexus to external Artifactory

    Posted Mar 22, 2017 09:21 AM

    OK and did you update nimi_config.xml with the new values?

    might be this is the reason the agent not starting 



  • 5.  Re: Migration from internal Nexus to external Artifactory

    Posted Mar 22, 2017 09:29 AM

    No, didn't know. Do you mean to update:

     

    <security>
    <enabled>false</enabled>
    <keystore>conf/keyStore.jks</keystore>
    <keystore_password>E8A1491BD9EF9F79E11C0640C0EC0BA4</keystore_password>
    <trust_store>conf/nolio.jks</trust_store>
    <trustore_password>E8A1491BD9EF9F79E11C0640C0EC0BA4</trustore_password>
    </security>

     

    ?

     

    But wich is the password?



  • 6.  Re: Migration from internal Nexus to external Artifactory

    Posted Mar 22, 2017 10:09 AM

    This the default password CA use.

    If you changed nolio.jks password than this file need to be update as well.



  • 7.  Re: Migration from internal Nexus to external Artifactory

    Posted Mar 27, 2017 04:22 AM

    Tried to use the default password "changeit" with a copy of conf/nolio.jks but it doesn't work:

     

    keytool -import -file my.crt -alias balanced_load -keystore ./nolio.jks
    Enter keystore password:
    keytool error: java.io.IOException: Keystore was tampered with, or password was incorrect



  • 8.  Re: Migration from internal Nexus to external Artifactory

    Posted Mar 27, 2017 04:35 AM

    HI Marco

    changeit is the default password for cacert file , not for nolio.jks.Can you check in conf/server.xml ?

    Jacky  



  • 9.  Re: Migration from internal Nexus to external Artifactory

    Posted Mar 27, 2017 11:42 AM

    Hi Jacky,

    Got the password from server.xml, used it for updating nolio.jks and now keytool work. Then restarted but got error about the absence of custom-truststore.jks. I created it using the same cert of nolio.jks and it looks connected but now I've:

     

    2017-03-27 17:28:20,366 [ActionsSyncTimer] ERROR (ActionPackConsole:189) - Failed to sync the repository with the [actionslib] folder: Problem while getting updated action package sac. Failed to execute HttpGet for artifact [/artifactory/nolio-actions/default_actions_group/sac/1.3/sac-1.3.jar.md5] from default repository [https://10.2.101.174:443/artifactory/nolio].



  • 10.  Re: Migration from internal Nexus to external Artifactory

    Posted Mar 28, 2017 10:05 AM

    Does the NAC manage to connect to the repository over https?

    Try to create artifact and select to store it in the repository and see if it works

    This will allow you to see if the issue related to the agent or NAC communication with repository



  • 11.  Re: Migration from internal Nexus to external Artifactory

    Posted Mar 28, 2017 10:13 AM

    It's the NAC that fails to connect. The logs are related to it. We don't understand what's missing



  • 12.  Re: Migration from internal Nexus to external Artifactory

    Posted Mar 22, 2017 10:04 AM

    Hi, Marco,

     

    Did you check the link CA Release Automation SSL Configuration.docx  which describes the SSL configuration , Check out page 15 for more details.

     

    Thanks.. 



  • 13.  Re: Migration from internal Nexus to external Artifactory

    Broadcom Employee
    Posted Apr 12, 2017 10:13 AM

    Hi .

     

     

    You get this error

    Failed to create SSL contexts:Keystore was tampered with, or password was incorrect

    When the password for the keystore and the stored keypair / certificate does not match .

    You have to make sure that the imported key or certifcate has the same password as the keystore

    You can list the content off the keystore for example with

    keytool -list -v -keystore mykeystore.jks

    To update the password for the key entry you can use

    keytool -keypasswd -alias 1 -keystore  mykeystore.jks

    It will ask for the old and new password

     

    Regards

    Dirk



  • 14.  Re: Migration from internal Nexus to external Artifactory

    Broadcom Employee
    Posted Apr 12, 2017 10:58 AM

    Hi Dirk,

    I think we can make this question as close as Marco opened the case with us and we worked on case to have successful migration.

     

    Regards,

    Saurabh



  • 15.  Re: Migration from internal Nexus to external Artifactory
    Best Answer

    Posted Apr 13, 2017 03:39 AM

    Solved thanks to support. What I missed was to understand that nolio.jks of the Server is different from the one of the agents. I copied the first one inside config of the agents, instead of adding the certificate on each of them.

     

    Another not obviouse point to me:

    To migrate jar from Nexus to Artifactory you have to copy the contents of "actionslib" to "uploadActions".

     

    Thanks,

    Marco