Re-adding my response to PAM in a different RT:
It seems to be an issue with the actual plugin nexus-staging-maven-plugin. It is broken when it comes to SNI / SAN certificates. I am still checking what we can do with my team but it looks like Sonatype stated that they won't fix this. My team is looking into how to fix it right now by not having a certification doing SNI / SAN until we are able to get to a permanent fix which would be to not use the plugin and use maven-deploy-plugin instead which is what the global-jjb jobs use. I am updating more information as I get it thanks! Jess On Fri Apr 26 10:14:06 2019, [email protected] wrote: > All, > > CCSDK is having the same issue, starting yesterday. > > I’ve been looking at this a bit (thinking at first it was just me), > and found the following in the CCSDK builds: > > > * If you browse to https://nexus.onap.org and look at the > certificate in your browser, it looks fine (nexus.onap.org is the CN > and also the only SAN). > * I see this problem in our daily release builds, and in one of our > merge builds, but not all the merge builds. > * Our staging builds seem to be unaffected. > > That first observation made me suspect a bad cached DNS entry on > Jenkins, but that would have broken ALL builds except verify builds, > and that’s not what I’m seeing. I also thought perhaps this had to do > with the staging plugin, but some of the builds that work use the > staging plugin (which is used even for snapshot builds – which is sort > of pointless, but that’s how the plugin works: it’s not smart enough > to only disable the deploy-plugin for release versions). > > I don’t know how helpful those observations will be, but thought I’d > share. > > Dan > > Dan Timoney > Principal Technical Staff Member > AT&T > Email : [email protected]<mailto:[email protected]> > Office : +1 (732) 420-3226 > Mobile : +1 (201) 960-1211 > 200 S Laurel Ave, Rm E2-2A03 > Middletown, NJ 08873 > > From: onap-discuss <[email protected]> on behalf of > "DRAGOSH, PAM" <[email protected]> > Reply-To: onap-discuss <[email protected]>, "DRAGOSH, PAM" > <[email protected]> > Date: Friday, April 26, 2019 at 8:07 AM > To: Bengt Thuree via RT <[email protected]> > Cc: onap-discuss <[email protected]> > Subject: [onap-discuss] nexus having certificate issues > > ***Security Advisory: This Message Originated Outside of AT&T *** > Reference http://cso.att.com/EmailSecurity/IDSP.html for more > information. > > > Hi, > > Our Jenkins jobs are struggling to run: > > https://jenkins.onap.org/view/policy/job/policy-parent-master-release- > version-java- > daily/26/console<https://urldefense.proofpoint.com/v2/url?u=https- > 3A__jenkins.onap.org_view_policy_job_policy-2Dparent-2Dmaster- > 2Drelease-2Dversion-2Djava-2Ddaily_26_console&d=DwMGaQ&c=LFYZ- > o9_HUMeMTSQicvjIg&r=qLcfee4a2vOwYSub0bljcQ&m=cTzdGHfgEOFz0WnO_z- > aFwUCmNXKty0Gl54Gcg0XRl4&s=49H35uzCp5C_Oj9GCyd733t5unZVrmSwVSWrsqxKUnM&e=> > > ERROR] Failed to execute goal org.sonatype.plugins:nexus-staging- > maven-plugin:1.6.7:deploy (injected-nexus-deploy) on project policy- > parent: Execution injected-nexus-deploy of goal > org.sonatype.plugins:nexus-staging-maven-plugin:1.6.7:deploy failed: > Nexus connection problem to URL > [https://nexus.onap.org<https://urldefense.proofpoint.com/v2/url?u=https- > 3A__nexus.onap.org_&d=DwMGaQ&c=LFYZ- > o9_HUMeMTSQicvjIg&r=jwTiArcEj6aUX0HjV0M3dT12gUtk7rC07xpgpVZkS_4&m=nJfsg8aR5stzdNSv2D_rG3UfnjauFQSmXmL4exNmZ6g&s=Tp97v76hod2SCWivF4oIO4T2F95CabUglk4fZsp0zRE&e=> > ]: com.sun.jersey.api.client.ClientHandlerException: > javax.net.ssl.SSLException: hostname in certificate didn't match: > <nexus.onap.org> != <logs.onap.org> OR <logs.onap.org> -> [Hel > > Other teams have reported similar issue: > > 13:07:46 [ERROR] Failed to execute goal org.sonatype.plugins:nexus- > staging-maven-plugin:1.6.7:deploy (injected-nexus-deploy) on project > multicloud-openstack-starlingx: Execution injected-nexus-deploy of > goal org.sonatype.plugins:nexus-staging-maven-plugin:1.6.7:deploy > failed: Nexus connection problem to URL > [https://nexus.onap.org<https://urldefense.proofpoint.com/v2/url?u=https- > 3A__nexus.onap.org&d=DwMFAg&c=LFYZ- > o9_HUMeMTSQicvjIg&r=jwTiArcEj6aUX0HjV0M3dT12gUtk7rC07xpgpVZkS_4&m=XMhF1nHcAAefPx41nL9y6ejJ8RGaIs6- > LmAKx9vQD4g&s=LZIsvpnglSC1Fllz4jNcOV31yinzHaUMZRJZoxp31a4&e=> ]: > com.sun.jersey.api.client.ClientHandlerException: > javax.net.ssl.SSLException: hostname in certificate didn't match: > <nexus.onap.org> != <logs.onap.org> OR <logs.onap.org> -> [Help 1] > > can someone please check? > > Thanks! > > Pam > -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#16767): https://lists.onap.org/g/onap-discuss/message/16767 Mute This Topic: https://lists.onap.org/mt/31357027/21656 Group Owner: [email protected] Unsubscribe: https://lists.onap.org/g/onap-discuss/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
