Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Artifactory not starting (OpenShift) #1938

Open
jkdev2 opened this issue Nov 11, 2024 · 10 comments
Open

Artifactory not starting (OpenShift) #1938

jkdev2 opened this issue Nov 11, 2024 · 10 comments

Comments

@jkdev2
Copy link

jkdev2 commented Nov 11, 2024

Is this a request for help?: yes

Is this a BUG REPORT or FEATURE REQUEST? (choose one): BUG REPORT

Version of Helm and Kubernetes: helm 3.16.2, RKE2 kubernetes 1.26.15

Which chart: artifactory-oss

Which product license (Enterprise/Pro/oss): oss

JFrog support reference (if already raised with support team): -

What happened: We are running the chart on OpenShift. The application is always restarting and I could't identify the main issue why the application doesn't start.
I tried to keep the configuration as default as possible. It's a fresh installation. Here is the log from access and artifactory container:

access:

Preparing to run Access in Docker
Running as uid=1001160000(1001160000) gid=0(root) groups=0(root),1001160000
Resolved .shared.database.type (postgresql) from /opt/jfrog/artifactory/var/etc/system.yaml
Resolved .shared.database.url (__sensitive_key_hidden___) from /opt/jfrog/artifactory/var/etc/system.yaml
Waiting for DB postgresql to be ready on artifactory-postgresql/5432 for 30 seconds
Copying Access bootstrap files
2024-11-11T08:27:30.474Z [shell] �[38;5;69m[INFO ]�[0m [] [systemYamlHelper.sh:621       ] [main] - Resolved .access.tomcat.connector.maxThreads (50) from /opt/jfrog/artifactory/var/etc/system.yaml
2024-11-11T08:27:30.678Z [shell] �[38;5;69m[INFO ]�[0m [] [systemYamlHelper.sh:621       ] [main] - Resolved .access.tomcat.connector.extraConfig (acceptCount="100") from /opt/jfrog/artifactory/var/etc/system.yaml
2024-11-11T08:27:30.877Z [shell] �[38;5;69m[INFO ]�[0m [] [systemYamlHelper.sh:621       ] [main] - Resolved .shared.extraJavaOpts (__sensitive_key_hidden___) from /opt/jfrog/artifactory/var/etc/system.yaml
2024-11-11T08:27:30.982Z [shell] �[38;5;69m[INFO ]�[0m [] [systemYamlHelper.sh:621       ] [main] - Resolved .shared.extraJavaOpts (__sensitive_key_hidden___) from /opt/jfrog/artifactory/var/etc/system.yaml
2024-11-11T08:27:31.180Z [shell] �[38;5;69m[INFO ]�[0m [] [systemYamlHelper.sh:621       ] [main] - Resolved .shared.database.type (postgresql) from /opt/jfrog/artifactory/var/etc/system.yaml
2024-11-11T08:27:31.408Z [shell] �[38;5;69m[INFO ]�[0m [] [systemYamlHelper.sh:621       ] [main] - Resolved .shared.database.url (__sensitive_key_hidden___) from /opt/jfrog/artifactory/var/etc/system.yaml
2024-11-11T08:27:31.584Z [shell] �[38;5;69m[INFO ]�[0m [] [systemYamlHelper.sh:621       ] [main] - Resolved JF_SHARED_DATABASE_PASSWORD (__sensitive_key_hidden___) from environment variable
2024-11-11T08:27:31.710Z [shell] �[38;5;69m[INFO ]�[0m [] [systemYamlHelper.sh:621       ] [main] - Resolved .access.database.maxOpenConnections (80) from /opt/jfrog/artifactory/var/etc/system.yaml
2024-11-11T08:27:31.983Z [shell] �[38;5;69m[INFO ]�[0m [] [installerCommon.sh:1632       ] [main] - Checking open files and processes limits
2024-11-11T08:27:32.000Z [shell] �[38;5;69m[INFO ]�[0m [] [installerCommon.sh:1635       ] [main] - Current max open files is 1048576
2024-11-11T08:27:32.072Z [shell] �[38;5;69m[INFO ]�[0m [] [installerCommon.sh:1646       ] [main] - Current max open processes is 4194304
.jfconnect_service key is misplaced or doesnt apply at this location
yaml validation failed
2024-11-11T08:27:32.113Z [shell] �[1;31m[WARN ]�[0m [] [installerCommon.sh:819        ] [main] - System.yaml validation failed
[TRACE] JDBC to PostgreSQL URL conversion: begin
[INFO ] No ssl parameter found, falling back to sslmode=disable
[TRACE] JDBC to PostgreSQL URL conversion: end

Database connection successful
2024-11-11T08:27:32.285Z [shell] �[38;5;69m[INFO ]�[0m [] [installerCommon.sh:1715       ] [main] - Testing directory /opt/jfrog/artifactory/var has read/write permissions for user id 1001160000
2024-11-11T08:27:32.315Z [shell] �[38;5;69m[INFO ]�[0m [] [installerCommon.sh:1730       ] [main] - Permissions for /opt/jfrog/artifactory/var are good
2024-11-11T08:27:32.505Z [shell] �[38;5;69m[INFO ]�[0m [] [installerCommon.sh:3508       ] [main] - Setting JF_SHARED_NODE_ID to artifactory-0
2024-11-11T08:27:32.618Z [shell] �[38;5;69m[INFO ]�[0m [] [installerCommon.sh:3508       ] [main] - Setting JF_SHARED_NODE_IP to 10.129.35.141
2024-11-11T08:27:32.776Z [shell] �[38;5;69m[INFO ]�[0m [] [installerCommon.sh:3508       ] [main] - Setting JF_SHARED_NODE_NAME to artifactory-0
2024-11-11T08:27:32.910Z [shell] �[38;5;69m[INFO ]�[0m [] [systemYamlHelper.sh:621       ] [main] - Resolved .access.extraJavaOpts (__sensitive_key_hidden___) from /opt/jfrog/artifactory/var/etc/system.yaml
2024-11-11T08:27:32.988Z [shell] �[38;5;69m[INFO ]�[0m [] [installerCommon.sh:2837       ] [main] - Removed duplicate java argument -XX:MaxRAMPercentage=25
chmod: changing permissions of '/opt/jfrog/artifactory/app/access/tomcat/webapps/': Operation not permitted
chmod: changing permissions of '/opt/jfrog/artifactory/app/access/tomcat/conf/': Operation not permitted
chmod: changing permissions of '/opt/jfrog/artifactory/app/access/tomcat/webapps/': Operation not permitted
chmod: changing permissions of '/opt/jfrog/artifactory/app/access/tomcat/conf/': Operation not permitted
chmod: changing permissions of '/opt/jfrog/artifactory/app/access/tomcat/webapps/': Operation not permitted
chmod: changing permissions of '/opt/jfrog/artifactory/app/access/tomcat/conf/': Operation not permitted
2024-11-11T08:27:33.373Z [shell] �[38;5;69m[INFO ]�[0m [] [nativeCommon.sh:66            ] [main] - Saving /opt/jfrog/artifactory/app/access/tomcat/conf/server.xml as /opt/jfrog/artifactory/app/access/tomcat/conf/server.xml.orig
2024-11-11T08:27:33.395Z [shell] �[38;5;69m[INFO ]�[0m [] [nativeCommon.sh:70            ] [main] - Using Tomcat template to generate : /opt/jfrog/artifactory/app/access/tomcat/conf/server.xml
2024-11-11T08:27:33.573Z [shell] �[38;5;69m[INFO ]�[0m [] [systemYamlHelper.sh:981       ] [main] - Resolved ${access.http.port||8040} to default value : 8040
2024-11-11T08:27:33.680Z [shell] �[38;5;69m[INFO ]�[0m [] [systemYamlHelper.sh:621       ] [main] - Resolved .access.tomcat.connector.sendReasonPhrase (false) from /opt/jfrog/artifactory/var/etc/system.yaml
2024-11-11T08:27:33.699Z [shell] �[38;5;69m[INFO ]�[0m [] [systemYamlHelper.sh:981       ] [main] - Resolved ${access.tomcat.connector.sendReasonPhrase||false} to default value : false
2024-11-11T08:27:33.810Z [shell] �[38;5;69m[INFO ]�[0m [] [systemYamlHelper.sh:621       ] [main] - Resolved .access.tomcat.connector.maxThreads (50) from /opt/jfrog/artifactory/var/etc/system.yaml
2024-11-11T08:27:33.881Z [shell] �[38;5;69m[INFO ]�[0m [] [systemYamlHelper.sh:981       ] [main] - Resolved ${access.tomcat.connector.maxThreads||50} to default value : 50
2024-11-11T08:27:33.988Z [shell] �[38;5;69m[INFO ]�[0m [] [systemYamlHelper.sh:621       ] [main] - Resolved .access.tomcat.connector.extraConfig (acceptCount="100") from /opt/jfrog/artifactory/var/etc/system.yaml
2024-11-11T08:27:34.174Z [shell] �[38;5;69m[INFO ]�[0m [] [systemYamlHelper.sh:621       ] [main] - Resolved JF_PRODUCT_HOME (/opt/jfrog/artifactory) from environment variable
2024-11-11T08:27:34.312Z [shell] �[38;5;69m[INFO ]�[0m [] [systemYamlHelper.sh:981       ] [main] - Resolved ${access.tomcat.workDir||/opt/jfrog/artifactory/var/work/access/tomcat} to default value : /opt/jfrog/artifactory/var/work/access/tomcat
chmod: changing permissions of '/opt/jfrog/artifactory/app/access/tomcat/webapps/': Operation not permitted
chmod: changing permissions of '/opt/jfrog/artifactory/app/access/tomcat/conf/': Operation not permitted

========================
JF Environment variables
========================

JF_ACCESS_PID                       : /opt/jfrog/artifactory/app/run/access.pid
JF_ARTIFACTORY_USER                 : artifactory
JF_SHARED_RESTRICTEDMODE_ENABLED    : true
JF_SHARED_NODE_ID                   : artifactory-0
JF_SHARED_NODE_IP                   : 10.129.35.141
JF_ACCESS_EXTRAJAVAOPTS             : ******
-XX:MaxRAMPercentage                : 70
JF_PRODUCT_DATA_INTERNAL            : /var/opt/jfrog/artifactory
JF_SYSTEM_YAML                      : /opt/jfrog/artifactory/var/etc/system.yaml
JF_PRODUCT_HOME                     : /opt/jfrog/artifactory
JF_SHARED_DATABASE_PASSWORD         : ******
JF_SHARED_NODE_NAME                 : artifactory-0
2024-11-11T08:27:34.984Z [shell] �[38;5;69m[INFO ]�[0m [] [installerCommon.sh:1292       ] [main] - Redirection is set to false. Skipping catalina log redirection
[0.001s][warning][stringdedup] String Deduplication disabled: not supported by selected GC
2024-11-11T08:27:36.278L �[35m[tomct]�[0m [WARNING] [                ] [org.apache.tomcat.util.digester.Digester] [org.apache.tomcat.util.digester.SetPropertiesRule begin] - Match [Server/Service/Connector] failed to set property [sendReasonPhrase] to [false] 
2024-11-11T08:27:37.476L �[35m[tomct]�[0m [INFO ] [                ] [org.apache.coyote.http11.Http11NioProtocol] [org.apache.coyote.AbstractProtocol init] - Initializing ProtocolHandler ["http-nio-127.0.0.1-8040"] 
2024-11-11T08:27:37.579L �[35m[tomct]�[0m [INFO ] [                ] [org.apache.catalina.core.StandardService] [org.apache.catalina.core.StandardService startInternal] - Starting service [Catalina] 
2024-11-11T08:27:37.579L �[35m[tomct]�[0m [INFO ] [                ] [org.apache.catalina.core.StandardEngine] [org.apache.catalina.core.StandardEngine startInternal] - Starting Servlet engine: [Apache Tomcat/10.1.28] 
2024-11-11T08:27:37.672L �[35m[tomct]�[0m [INFO ] [                ] [org.apache.catalina.startup.HostConfig] [org.apache.catalina.startup.HostConfig deployDescriptor] - Deploying deployment descriptor [/opt/jfrog/artifactory/app/access/tomcat/conf/Catalina/localhost/access.xml] 
2024-11-11T08:27:37.682L �[35m[tomct]�[0m [WARNING] [                ] [org.apache.catalina.startup.HostConfig] [org.apache.catalina.startup.HostConfig deployDescriptor] - The path attribute with value [/access] in deployment descriptor [/opt/jfrog/artifactory/app/access/tomcat/conf/Catalina/localhost/access.xml] has been ignored 
2024-11-11T08:27:49.571Z �[1;33m[jfac ]�[0;39m �[34m[INFO ]�[0;39m [a5f9ef9aec387086] [licationContextInitializer:166] [main                ] - Access (jfac) service initialization started. Version: 7.128.4 Revision: 82804900 PID: 2470 Home: /opt/jfrog/artifactory FIPS Mode: none
2024-11-11T08:27:49.992Z �[1;33m[jfac ]�[0;39m �[34m[INFO ]�[0;39m [a5f9ef9aec387086] [o.j.a.AccessApplication:50    ] [main                ] - Starting AccessApplication v7.128.4 using Java 17.0.12 with PID 2470 (/opt/jfrog/artifactory/app/access/tomcat/webapps/access/WEB-INF/lib/access-application-7.128.4.jar started by 1001160000 in /opt/jfrog/artifactory)
2024-11-11T08:27:49.993Z �[1;33m[jfac ]�[0;39m �[34m[INFO ]�[0;39m [a5f9ef9aec387086] [o.j.a.AccessApplication:660   ] [main                ] - The following 1 profile is active: "production"
2024-11-11T08:28:20.672Z �[1;33m[jfac ]�[0;39m �[34m[INFO ]�[0;39m [a5f9ef9aec387086] [alConfigurationServiceBase:151] [main                ] - Current configurations are the same as the new configurations, no need for an update. No action was taken.
2024-11-11T08:28:25.175Z �[1;33m[jfac ]�[0;39m �[34m[INFO ]�[0;39m [a5f9ef9aec387086] [.s.s.s.ServiceConfigFactory:47] [main                ] - Initializing task scheduler with 9 threads
2024-11-11T08:28:25.377Z �[1;33m[jfac ]�[0;39m �[34m[INFO ]�[0;39m [a5f9ef9aec387086] [j.a.s.s.t.TokenServiceImpl:236] [main                ] - Scheduling task for revoking expired tokens using cron expression: 14 7 0/1 * * ?
2024-11-11T08:28:35.377Z �[1;33m[jfac ]�[0;39m �[34m[INFO ]�[0;39m [a5f9ef9aec387086] [b.AccessServerBootstrapImpl:54] [main                ] - [ACCESS BOOTSTRAP] Starting JFrog Access bootstrap...
2024-11-11T08:28:35.979Z �[1;33m[jfac ]�[0;39m �[34m[INFO ]�[0;39m [a5f9ef9aec387086] [b.AccessServerBootstrapImpl:70] [main                ] - [ACCESS BOOTSTRAP] JFrog Access bootstrap finished.
2024-11-11T08:28:35.991Z �[1;33m[jfac ]�[0;39m �[34m[INFO ]�[0;39m [a5f9ef9aec387086] [.s.j.JfConnectConfiguration:42] [main                ] - JFCON entitlements are disabled. jfconnect.enabled and jflink.enabled are false or undefined
2024-11-11T08:28:37.774Z �[1;33m[jfac ]�[0;39m �[34m[INFO ]�[0;39m [a5f9ef9aec387086] [o.j.a.s.s.JoinKeyAccess:213   ] [main                ] - Cluster join: Join key loaded successfully (from: /opt/jfrog/artifactory/var/etc/security/join.key)
2024-11-11T08:28:44.281Z �[1;33m[jfac ]�[0;39m �[34m[INFO ]�[0;39m [a5f9ef9aec387086] [a.c.RefreshableScheduledJob:53] [main                ] - Scheduling staleTokenCleanup task to run every 3600 seconds
2024-11-11T08:28:44.295Z �[1;33m[jfac ]�[0;39m �[34m[INFO ]�[0;39m [                ] [.j.a.s.s.SystemScheduledJob:37] [main                ] - Scheduling Readiness task to run with 15000 milliseconds fixed delay
2024-11-11T08:28:44.372Z �[1;33m[jfac ]�[0;39m �[34m[INFO ]�[0;39m [7ea50c842467cdd8] [a.c.RefreshableScheduledJob:53] [main                ] - Scheduling heartbeat task to run every 5 seconds
2024-11-11T08:28:44.376Z �[1;33m[jfac ]�[0;39m �[34m[INFO ]�[0;39m [7ea50c842467cdd8] [a.c.RefreshableScheduledJob:53] [main                ] - Scheduling KeepAliveFederationServers task to run every 86400 seconds
2024-11-11T08:28:45.273Z �[1;33m[jfac ]�[0;39m �[34m[INFO ]�[0;39m [7ea50c842467cdd8] [a.c.RefreshableScheduledJob:53] [main                ] - Scheduling federationCleanupService task to run every 1209600 seconds
2024-11-11T08:28:45.376Z �[1;33m[jfac ]�[0;39m �[34m[INFO ]�[0;39m [7ea50c842467cdd8] [.h.AccessNodeIdProviderImpl:96] [main                ] - Service id initialized: jfac@01jc32hhht3m320kay32ws07rk, for tenant: single_tenant
2024-11-11T08:28:45.472Z �[1;33m[jfac ]�[0;39m �[34m[INFO ]�[0;39m [7ea50c842467cdd8] [.s.t.NotifyTokenExpiryTask:125] [main                ] - New cron schedule expression for notifying user of expiring tokens - 0 00 8 * * ?
2024-11-11T08:28:45.480Z �[1;33m[jfac ]�[0;39m �[34m[INFO ]�[0;39m [7ea50c842467cdd8] [a.c.RefreshableScheduledJob:53] [main                ] - Scheduling EmailsLogCleanup task to run every 86400 seconds
2024-11-11T08:28:45.486Z �[1;33m[jfac ]�[0;39m �[34m[INFO ]�[0;39m [7ea50c842467cdd8] [a.c.RefreshableScheduledJob:53] [main                ] - Scheduling PasswordExpiryEmailReminder task to run every 86400 seconds
2024-11-11T08:28:45.571Z �[1;33m[jfac ]�[0;39m �[34m[INFO ]�[0;39m [7ea50c842467cdd8] [a.c.RefreshableScheduledJob:53] [main                ] - Scheduling unusedLicensesCleanup task to run every 86400 seconds
2024-11-11T08:28:45.779Z �[1;33m[jfac ]�[0;39m �[34m[INFO ]�[0;39m [7cd12922aaede413] [a.c.RefreshableScheduledJob:53] [main                ] - Scheduling loadCertificates task to run every 30 seconds
2024-11-11T08:28:47.385Z �[1;33m[jfac ]�[0;39m �[34m[INFO ]�[0;39m [7cd12922aaede413] [o.j.a.s.r.s.GrpcServerImpl:100] [main                ] - Starting gRPC Server on port 8045
2024-11-11T08:28:49.179Z �[1;33m[jfac ]�[0;39m �[34m[INFO ]�[0;39m [7cd12922aaede413] [o.j.a.s.r.s.GrpcServerImpl:133] [main                ] - gRPC Server started, listening on 8045
2024-11-11T08:28:52.071Z �[1;33m[jfac ]�[0;39m �[34m[INFO ]�[0;39m [7ea50c842467cdd8] [o.j.c.ExecutionUtils:289      ] [jf-common-pool-1    ] - Retry 10 Elapsed 6.69 secs failed: Registration with router on URL http://localhost:8046 failed with error: UNAVAILABLE: io exception. Trying again
2024-11-11T08:28:55.488Z �[1;33m[jfac ]�[0;39m �[34m[INFO ]�[0;39m [7cd12922aaede413] [o.j.a.AccessApplication:56    ] [main                ] - Started AccessApplication in 70.715 seconds (process running for 80.304)
2024-11-11T08:28:55.582Z �[1;33m[jfac ]�[0;39m �[34m[INFO ]�[0;39m [7cd12922aaede413] [s.d.u.AccessJdbcHelperImpl:155] [main                ] - Notifying tenants on DB migration completion
2024-11-11T08:28:55.875L �[35m[tomct]�[0m [INFO ] [                ] [org.apache.catalina.startup.HostConfig] [org.apache.catalina.startup.HostConfig deployDescriptor] - Deployment of deployment descriptor [/opt/jfrog/artifactory/app/access/tomcat/conf/Catalina/localhost/access.xml] has finished in [78,202] ms 
2024-11-11T08:28:55.875L �[35m[tomct]�[0m [INFO ] [                ] [org.apache.catalina.startup.HostConfig] [org.apache.catalina.startup.HostConfig deployDirectory] - Deploying web application directory [/opt/jfrog/artifactory/app/access/tomcat/webapps/ROOT] 
2024-11-11T08:28:55.884L �[35m[tomct]�[0m [INFO ] [                ] [org.apache.catalina.startup.HostConfig] [org.apache.catalina.startup.HostConfig deployDirectory] - Deployment of web application directory [/opt/jfrog/artifactory/app/access/tomcat/webapps/ROOT] has finished in [9] ms 
2024-11-11T08:28:55.887L �[35m[tomct]�[0m [INFO ] [                ] [org.apache.coyote.http11.Http11NioProtocol] [org.apache.coyote.AbstractProtocol start] - Starting ProtocolHandler ["http-nio-127.0.0.1-8040"] 
2024-11-11T08:28:57.084Z �[1;33m[jfac ]�[0;39m �[34m[INFO ]�[0;39m [7ea50c842467cdd8] [o.j.c.ExecutionUtils:289      ] [jf-common-pool-1    ] - Retry 20 Elapsed 11.7 secs failed: Registration with router on URL http://localhost:8046 failed with error: UNAVAILABLE: io exception. Trying again
2024-11-11T08:29:02.172Z �[1;33m[jfac ]�[0;39m �[34m[INFO ]�[0;39m [7ea50c842467cdd8] [o.j.c.ExecutionUtils:289      ] [jf-common-pool-1    ] - Retry 30 Elapsed 16.79 secs failed: Registration with router on URL http://localhost:8046 failed with error: UNAVAILABLE: io exception. Trying again
/opt/jfrog/artifactory/app/access/bin/access.sh: line 152:  2470 Killed                  $TOMCAT_HOME/bin/catalina.sh run

artifactory:

Preparing to run Artifactory in Docker
Running as uid=1001160000(1001160000) gid=0(root) groups=0(root),1001160000
Dockerfile for this image can found inside the container.
To view the Dockerfile: 'cat /docker/artifactory-oss/Dockerfile.artifactory'.
Resolved .shared.database.type (postgresql) from /opt/jfrog/artifactory/var/etc/system.yaml
Resolved .shared.database.url (__sensitive_key_hidden___) from /opt/jfrog/artifactory/var/etc/system.yaml
Waiting for DB postgresql to be ready on artifactory-postgresql/5432 for 30 seconds
Copying Artifactory bootstrap files
2024-11-11T08:27:05.302Z [shell] �[38;5;69m[INFO ]�[0m [] [systemYamlHelper.sh:621       ] [main] - Resolved .artifactory.tomcat.connector.maxThreads (200) from /opt/jfrog/artifactory/var/etc/system.yaml
2024-11-11T08:27:05.352Z [shell] �[38;5;69m[INFO ]�[0m [] [systemYamlHelper.sh:621       ] [main] - Resolved .access.tomcat.connector.maxThreads (50) from /opt/jfrog/artifactory/var/etc/system.yaml
2024-11-11T08:27:05.413Z [shell] �[38;5;69m[INFO ]�[0m [] [systemYamlHelper.sh:621       ] [main] - Resolved .artifactory.tomcat.connector.extraConfig (acceptCount="400") from /opt/jfrog/artifactory/var/etc/system.yaml
2024-11-11T08:27:05.498Z [shell] �[38;5;69m[INFO ]�[0m [] [systemYamlHelper.sh:621       ] [main] - Resolved .access.tomcat.connector.extraConfig (acceptCount="100") from /opt/jfrog/artifactory/var/etc/system.yaml
2024-11-11T08:27:05.609Z [shell] �[38;5;69m[INFO ]�[0m [] [systemYamlHelper.sh:621       ] [main] - Resolved .shared.extraJavaOpts (__sensitive_key_hidden___) from /opt/jfrog/artifactory/var/etc/system.yaml
2024-11-11T08:27:05.661Z [shell] �[38;5;69m[INFO ]�[0m [] [systemYamlHelper.sh:621       ] [main] - Resolved .shared.extraJavaOpts (__sensitive_key_hidden___) from /opt/jfrog/artifactory/var/etc/system.yaml
2024-11-11T08:27:05.825Z [shell] �[38;5;69m[INFO ]�[0m [] [systemYamlHelper.sh:621       ] [main] - Resolved .shared.database.type (postgresql) from /opt/jfrog/artifactory/var/etc/system.yaml
2024-11-11T08:27:05.941Z [shell] �[38;5;69m[INFO ]�[0m [] [systemYamlHelper.sh:621       ] [main] - Resolved .shared.database.url (__sensitive_key_hidden___) from /opt/jfrog/artifactory/var/etc/system.yaml
2024-11-11T08:27:06.013Z [shell] �[38;5;69m[INFO ]�[0m [] [systemYamlHelper.sh:621       ] [main] - Resolved JF_SHARED_DATABASE_PASSWORD (__sensitive_key_hidden___) from environment variable
2024-11-11T08:27:06.063Z [shell] �[38;5;69m[INFO ]�[0m [] [systemYamlHelper.sh:621       ] [main] - Resolved .artifactory.database.maxOpenConnections (80) from /opt/jfrog/artifactory/var/etc/system.yaml
2024-11-11T08:27:06.152Z [shell] �[38;5;69m[INFO ]�[0m [] [systemYamlHelper.sh:621       ] [main] - Resolved .access.database.maxOpenConnections (80) from /opt/jfrog/artifactory/var/etc/system.yaml
2024-11-11T08:27:06.252Z [shell] �[38;5;69m[INFO ]�[0m [] [systemYamlHelper.sh:621       ] [main] - Resolved JF_JFCONNECT_SERVICE_ENABLED (false) from environment variable
2024-11-11T08:27:06.323Z [shell] �[38;5;69m[INFO ]�[0m [] [installerCommon.sh:1632       ] [main] - Checking open files and processes limits
2024-11-11T08:27:06.340Z [shell] �[38;5;69m[INFO ]�[0m [] [installerCommon.sh:1635       ] [main] - Current max open files is 1048576
2024-11-11T08:27:06.357Z [shell] �[38;5;69m[INFO ]�[0m [] [installerCommon.sh:1646       ] [main] - Current max open processes is 4194304
.jfconnect_service key is misplaced or doesnt apply at this location
yaml validation failed
2024-11-11T08:27:06.402Z [shell] �[1;31m[WARN ]�[0m [] [installerCommon.sh:819        ] [main] - System.yaml validation failed
[TRACE] JDBC to PostgreSQL URL conversion: begin
[INFO ] No ssl parameter found, falling back to sslmode=disable
[TRACE] JDBC to PostgreSQL URL conversion: end

Database connection successful
2024-11-11T08:27:06.476Z [shell] �[38;5;69m[INFO ]�[0m [] [installerCommon.sh:1715       ] [main] - Testing directory /opt/jfrog/artifactory/var has read/write permissions for user id 1001160000
2024-11-11T08:27:06.503Z [shell] �[38;5;69m[INFO ]�[0m [] [installerCommon.sh:1730       ] [main] - Permissions for /opt/jfrog/artifactory/var are good
chown: changing ownership of '/opt/jfrog/artifactory/var/etc': Operation not permitted
2024-11-11T08:27:06.576Z [shell] �[1;31m[WARN ]�[0m [] [installerCommon.sh:819        ] [main] - Could not set owner of [/opt/jfrog/artifactory/var/etc] to [artifactory:artifactory]
2024-11-11T08:27:06.662Z [shell] �[38;5;69m[INFO ]�[0m [] [installerCommon.sh:3508       ] [main] - Setting JF_SHARED_NODE_ID to artifactory-0
2024-11-11T08:27:06.716Z [shell] �[38;5;69m[INFO ]�[0m [] [installerCommon.sh:3508       ] [main] - Setting JF_SHARED_NODE_IP to 10.129.35.141
2024-11-11T08:27:06.771Z [shell] �[38;5;69m[INFO ]�[0m [] [installerCommon.sh:3508       ] [main] - Setting JF_SHARED_NODE_NAME to artifactory-0
2024-11-11T08:27:06.896Z [shell] �[38;5;69m[INFO ]�[0m [] [systemYamlHelper.sh:621       ] [main] - Resolved .shared.extraJavaOpts (__sensitive_key_hidden___) from /opt/jfrog/artifactory/var/etc/system.yaml
2024-11-11T08:27:06.928Z [shell] �[38;5;69m[INFO ]�[0m [] [installerCommon.sh:2837       ] [main] - Removed duplicate java argument -Xms512m
2024-11-11T08:27:06.948Z [shell] �[38;5;69m[INFO ]�[0m [] [installerCommon.sh:2837       ] [main] - Removed duplicate java argument -Xmx2g
chmod: changing permissions of '/opt/jfrog/artifactory/app/artifactory/tomcat/webapps/': Operation not permitted
chmod: changing permissions of '/opt/jfrog/artifactory/app/artifactory/tomcat/conf/': Operation not permitted
chown: changing ownership of '/opt/jfrog/artifactory/var/work': Operation not permitted
2024-11-11T08:27:07.162Z [shell] �[1;31m[WARN ]�[0m [] [installerCommon.sh:819        ] [main] - Could not set owner of [/opt/jfrog/artifactory/var/work] to [artifactory:artifactory]
chmod: changing permissions of '/opt/jfrog/artifactory/app/artifactory/tomcat/webapps/': Operation not permitted
chmod: changing permissions of '/opt/jfrog/artifactory/app/artifactory/tomcat/conf/': Operation not permitted
2024-11-11T08:27:07.295Z [shell] �[38;5;69m[INFO ]�[0m [] [systemYamlHelper.sh:621       ] [main] - Resolved .access.runOnArtifactoryTomcat (false) from /opt/jfrog/artifactory/var/etc/system.yaml
chmod: changing permissions of '/opt/jfrog/artifactory/app/artifactory/tomcat/webapps/': Operation not permitted
chmod: changing permissions of '/opt/jfrog/artifactory/app/artifactory/tomcat/conf/': Operation not permitted
2024-11-11T08:27:07.401Z [shell] �[38;5;69m[INFO ]�[0m [] [artifactoryCommon.sh:255      ] [main] - Saving /opt/jfrog/artifactory/app/artifactory/tomcat/conf/server.xml as /opt/jfrog/artifactory/app/artifactory/tomcat/conf/server.xml.orig
2024-11-11T08:27:07.423Z [shell] �[38;5;69m[INFO ]�[0m [] [artifactoryCommon.sh:263      ] [main] - Using Tomcat template to generate : /opt/jfrog/artifactory/app/artifactory/tomcat/conf/server.xml
2024-11-11T08:27:07.496Z [shell] �[38;5;69m[INFO ]�[0m [] [systemYamlHelper.sh:981       ] [main] - Resolved ${artifactory.port||8081} to default value : 8081
2024-11-11T08:27:07.547Z [shell] �[38;5;69m[INFO ]�[0m [] [systemYamlHelper.sh:621       ] [main] - Resolved .artifactory.tomcat.connector.sendReasonPhrase (false) from /opt/jfrog/artifactory/var/etc/system.yaml
2024-11-11T08:27:07.570Z [shell] �[38;5;69m[INFO ]�[0m [] [systemYamlHelper.sh:981       ] [main] - Resolved ${artifactory.tomcat.connector.sendReasonPhrase||false} to default value : false
2024-11-11T08:27:07.622Z [shell] �[38;5;69m[INFO ]�[0m [] [systemYamlHelper.sh:981       ] [main] - Resolved ${artifactory.tomcat.connector.relaxedPathChars||_SQUARE_BRACKETS_} to default value : _SQUARE_BRACKETS_
2024-11-11T08:27:07.684Z [shell] �[38;5;69m[INFO ]�[0m [] [systemYamlHelper.sh:981       ] [main] - Resolved ${artifactory.tomcat.connector.relaxedQueryChars||_SQUARE_BRACKETS_} to default value : _SQUARE_BRACKETS_
2024-11-11T08:27:07.738Z [shell] �[38;5;69m[INFO ]�[0m [] [systemYamlHelper.sh:621       ] [main] - Resolved .artifactory.tomcat.connector.maxThreads (200) from /opt/jfrog/artifactory/var/etc/system.yaml
2024-11-11T08:27:07.757Z [shell] �[38;5;69m[INFO ]�[0m [] [systemYamlHelper.sh:981       ] [main] - Resolved ${artifactory.tomcat.connector.maxThreads||200} to default value : 200
2024-11-11T08:27:07.819Z [shell] �[38;5;69m[INFO ]�[0m [] [systemYamlHelper.sh:621       ] [main] - Resolved .artifactory.tomcat.connector.extraConfig (acceptCount="400") from /opt/jfrog/artifactory/var/etc/system.yaml
2024-11-11T08:27:07.877Z [shell] �[38;5;69m[INFO ]�[0m [] [systemYamlHelper.sh:621       ] [main] - Resolved .artifactory.tomcat.maintenanceConnector.port (8091) from /opt/jfrog/artifactory/var/etc/system.yaml
2024-11-11T08:27:07.895Z [shell] �[38;5;69m[INFO ]�[0m [] [systemYamlHelper.sh:981       ] [main] - Resolved ${artifactory.tomcat.maintenanceConnector.port||8091} to default value : 8091
2024-11-11T08:27:07.949Z [shell] �[38;5;69m[INFO ]�[0m [] [systemYamlHelper.sh:981       ] [main] - Resolved ${artifactory.tomcat.maintenanceConnector.maxThreads||5} to default value : 5
2024-11-11T08:27:08.007Z [shell] �[38;5;69m[INFO ]�[0m [] [systemYamlHelper.sh:981       ] [main] - Resolved ${artifactory.tomcat.maintenanceConnector.acceptCount||5} to default value : 5
2024-11-11T08:27:08.119Z [shell] �[38;5;69m[INFO ]�[0m [] [systemYamlHelper.sh:621       ] [main] - Resolved JF_PRODUCT_HOME (/opt/jfrog/artifactory) from environment variable
2024-11-11T08:27:08.205Z [shell] �[38;5;69m[INFO ]�[0m [] [systemYamlHelper.sh:981       ] [main] - Resolved ${shared.tomcat.workDir||/opt/jfrog/artifactory/var/work/artifactory/tomcat} to default value : /opt/jfrog/artifactory/var/work/artifactory/tomcat
chmod: changing permissions of '/opt/jfrog/artifactory/app/artifactory/tomcat/webapps/': Operation not permitted
chmod: changing permissions of '/opt/jfrog/artifactory/app/artifactory/tomcat/conf/': Operation not permitted
2024-11-11T08:27:08.353Z [shell] �[38;5;69m[INFO ]�[0m [] [systemYamlHelper.sh:621       ] [main] - Resolved .access.runOnArtifactoryTomcat (false) from /opt/jfrog/artifactory/var/etc/system.yaml
2024-11-11T08:27:08.382Z [shell] �[38;5;69m[INFO ]�[0m [] [systemYamlHelper.sh:621       ] [main] - Resolved JF_JFCONNECT_SERVICE_ENABLED (false) from environment variable
2024-11-11T08:27:08.442Z [shell] �[38;5;69m[INFO ]�[0m [] [systemYamlHelper.sh:621       ] [main] - Resolved JF_EVENT_ENABLED (false) from environment variable
2024-11-11T08:27:08.481Z [shell] �[38;5;69m[INFO ]�[0m [] [systemYamlHelper.sh:621       ] [main] - Resolved JF_EVIDENCE_ENABLED (false) from environment variable

========================
JF Environment variables
========================

JF_OBSERVABILITY_ENABLED            : false
JF_ARTIFACTORY_USER                 : artifactory
JF_SHARED_RESTRICTEDMODE_ENABLED    : true
JF_FRONTEND_ENABLED                 : false
JF_SHARED_NODE_ID                   : artifactory-0
JF_SHARED_NODE_IP                   : 10.129.35.141
JF_METADATA_ENABLED                 : false
JF_ARTIFACTORY_PID                  : /opt/jfrog/artifactory/app/run/artifactory.pid
JF_EVIDENCE_ENABLED                 : false
JF_SHARED_EXTRAJAVAOPTS             : ******
-Dartifactory.access.client.max.connections : 50
-Xms1g                              : -Xms1g
-Xmx3g                              : -Xmx3g
JF_JFCONNECT_SERVICE_ENABLED        : false
JF_ACCESS_ENABLED                   : false
JF_ROUTER_SERVICE_ENABLED           : false
JF_PRODUCT_DATA_INTERNAL            : /var/opt/jfrog/artifactory
JF_SYSTEM_YAML                      : /opt/jfrog/artifactory/var/etc/system.yaml
JF_ROUTER_ENABLED                   : true
JF_PRODUCT_HOME                     : /opt/jfrog/artifactory
JF_FEDERATION_ENABLED               : false
JF_ROUTER_TOPOLOGY_LOCAL_REQUIREDSERVICETYPES : jfrt,jfac,jfmd,jffe,jfob
JF_SHARED_DATABASE_PASSWORD         : ******
JF_SHARED_NODE_NAME                 : artifactory-0
JF_EVENT_ENABLED                    : false
2024-11-11T08:27:08.730Z [shell] �[38;5;69m[INFO ]�[0m [] [systemYamlHelper.sh:621       ] [main] - Resolved JF_ROUTER_SERVICE_ENABLED (false) from environment variable
2024-11-11T08:27:08.772Z [shell] �[38;5;69m[INFO ]�[0m [] [systemYamlHelper.sh:621       ] [main] - Resolved JF_METADATA_ENABLED (false) from environment variable
2024-11-11T08:27:08.802Z [shell] �[38;5;69m[INFO ]�[0m [] [systemYamlHelper.sh:621       ] [main] - Resolved JF_EVENT_ENABLED (false) from environment variable
2024-11-11T08:27:08.831Z [shell] �[38;5;69m[INFO ]�[0m [] [systemYamlHelper.sh:621       ] [main] - Resolved JF_FRONTEND_ENABLED (false) from environment variable
2024-11-11T08:27:08.861Z [shell] �[38;5;69m[INFO ]�[0m [] [systemYamlHelper.sh:621       ] [main] - Resolved JF_OBSERVABILITY_ENABLED (false) from environment variable
2024-11-11T08:27:08.898Z [shell] �[38;5;69m[INFO ]�[0m [] [systemYamlHelper.sh:621       ] [main] - Resolved JF_FEDERATION_ENABLED (false) from environment variable
2024-11-11T08:27:08.927Z [shell] �[38;5;69m[INFO ]�[0m [] [systemYamlHelper.sh:621       ] [main] - Resolved JF_EVIDENCE_ENABLED (false) from environment variable
2024-11-11T08:27:09.070Z [shell] �[38;5;69m[INFO ]�[0m [] [installerCommon.sh:1292       ] [main] - Redirection is set to false. Skipping catalina log redirection
{"log_name":"tomcat-catalina.log","app":{"datetime":"2024-11-11T08:27:09.598Z","service":"tomcat","loglevel":"WARNING","class":"org.apache.tomcat.util.digester.Digester","message":"Match [Server/Service/Connector] failed to set property [sendReasonPhrase] to [false]"}}
{"log_name":"tomcat-catalina.log","app":{"datetime":"2024-11-11T08:27:10.186Z","service":"tomcat","loglevel":"INFO","class":"org.apache.coyote.http11.Http11NioProtocol","message":"Initializing ProtocolHandler ["http-nio-8081"]"}}
{"log_name":"tomcat-catalina.log","app":{"datetime":"2024-11-11T08:27:10.202Z","service":"tomcat","loglevel":"INFO","class":"org.apache.coyote.http11.Http11NioProtocol","message":"Initializing ProtocolHandler ["http-nio-127.0.0.1-8091"]"}}
{"log_name":"tomcat-catalina.log","app":{"datetime":"2024-11-11T08:27:10.270Z","service":"tomcat","loglevel":"INFO","class":"org.apache.catalina.core.StandardService","message":"Starting service [Catalina]"}}
{"log_name":"tomcat-catalina.log","app":{"datetime":"2024-11-11T08:27:10.271Z","service":"tomcat","loglevel":"INFO","class":"org.apache.catalina.core.StandardEngine","message":"Starting Servlet engine: [Apache Tomcat/10.1.30]"}}
{"log_name":"tomcat-catalina.log","app":{"datetime":"2024-11-11T08:27:10.284Z","service":"tomcat","loglevel":"INFO","class":"org.apache.catalina.startup.HostConfig","message":"Deploying deployment descriptor [/opt/jfrog/artifactory/app/artifactory/tomcat/conf/Catalina/localhost/artifactory.xml]"}}
{"log_name":"tomcat-catalina.log","app":{"datetime":"2024-11-11T08:27:10.294Z","service":"tomcat","loglevel":"WARNING","class":"org.apache.catalina.startup.HostConfig","message":"The path attribute with value [/artifactory] in deployment descriptor [/opt/jfrog/artifactory/app/artifactory/tomcat/conf/Catalina/localhost/artifactory.xml] has been ignored"}}
{"log_name":"tomcat-catalina.log","app":{"datetime":"2024-11-11T08:27:10.400Z","service":"tomcat","loglevel":"WARNING","class":"org.apache.tomcat.util.digester.Digester","message":"Match [Context/CookieProcessor] failed to set property [forwardSlashIsSeparator] to [false]"}}
2024-11-11T08:27:13.032Z �[1;32m[jfrt ]�[0;39m �[34m[INFO ]�[0;39m [097bdc71ea837098] [o.a.c.h.ArtifactoryHome:252   ] [Catalina-utility-1  ] - Creating Artifactory home at 'null'
2024-11-11T08:27:13.233Z �[1;32m[jfrt ]�[0;39m �[34m[INFO ]�[0;39m [097bdc71ea837098] [o.a.c.h.HaNodeProperties:65   ] [Catalina-utility-1  ] - Artifactory is running in non-clustered mode.
2024-11-11T08:27:13.278Z �[1;32m[jfrt ]�[0;39m �[34m[INFO ]�[0;39m [097bdc71ea837098] [tifactoryHomeConfigListener:85] [Catalina-utility-1  ] - Resolved Home: '/opt/jfrog/artifactory
2024-11-11T08:27:13.375Z �[1;32m[jfrt ]�[0;39m �[34m[INFO ]�[0;39m [097bdc71ea837098] [o.a.c.h.ArtifactoryHome:1022  ] [Catalina-utility-1  ] - Setting 'alpineNew,swiftNew,vcsNew,cocoapodsNew,condaNew,npmNew,permissions-cache-legacy' to system property 'spring.profiles.active'
2024-11-11T08:27:13.908Z �[1;32m[jfrt ]�[0;39m �[34m[INFO ]�[0;39m [097bdc71ea837098] [o.a.c.h.ArtifactoryHome:1022  ] [Catalina-utility-1  ] - Setting 'alpineNew,swiftNew,vcsNew,cocoapodsNew,condaNew,npmNew,permissions-cache-legacy' to system property 'spring.profiles.active'
2024-11-11T08:27:13.973Z �[1;32m[jfrt ]�[0;39m �[34m[INFO ]�[0;39m [                ] [o.j.c.w.FileWatcher:146       ] [file-watcher-poller ] - Starting watch of folder configurations
2024-11-11T08:27:14.198Z �[1;32m[jfrt ]�[0;39m �[34m[INFO ]�[0;39m [097bdc71ea837098] [.BasicConfigurationManager:197] [Catalina-utility-1  ] - Artifactory (jfrt) service initialization started. Version: 7.98.8 Revision: 79808900 PID: 4263 Home: /opt/jfrog/artifactory
2024-11-11T08:27:14.213Z �[1;32m[jfrt ]�[0;39m �[34m[INFO ]�[0;39m [097bdc71ea837098] [d.c.m.ConverterManagerImpl:214] [Catalina-utility-1  ] - Triggering PRE_INIT conversion, from 7.98.8 to 7.98.8
2024-11-11T08:27:14.218Z �[1;32m[jfrt ]�[0;39m �[34m[INFO ]�[0;39m [097bdc71ea837098] [d.c.m.ConverterManagerImpl:217] [Catalina-utility-1  ] - Finished PRE_INIT conversion, current version is: 7.98.8
2024-11-11T08:27:14.218Z �[1;32m[jfrt ]�[0;39m �[34m[INFO ]�[0;39m [097bdc71ea837098] [d.i.DbInitializationManager:48] [Catalina-utility-1  ] - Initializing DB Schema initialization manager
2024-11-11T08:27:14.225Z �[1;32m[jfrt ]�[0;39m �[34m[INFO ]�[0;39m [097bdc71ea837098] [.i.DbInitializationManager:177] [Catalina-utility-1  ] - Database: PostgreSQL 15.6. Driver: PostgreSQL JDBC Driver 42.7.2 Pool: postgresql
2024-11-11T08:27:14.300Z �[1;32m[jfrt ]�[0;39m �[34m[INFO ]�[0;39m [097bdc71ea837098] [d.i.DbInitializationManager:52] [Catalina-utility-1  ] - DB Schema initialization manager initialized
2024-11-11T08:27:14.602Z �[1;32m[jfrt ]�[0;39m �[34m[INFO ]�[0;39m [097bdc71ea837098] [SchemaInitializationManager:48] [Catalina-utility-1  ] - Initializing Post-DB initialization manager
2024-11-11T08:27:14.701Z �[1;32m[jfrt ]�[0;39m �[34m[INFO ]�[0;39m [097bdc71ea837098] [.c.ConfigurationManagerImpl:97] [Catalina-utility-1  ] - Starting file sync
2024-11-11T08:27:14.792Z �[1;32m[jfrt ]�[0;39m �[34m[INFO ]�[0;39m [097bdc71ea837098] [SchemaInitializationManager:51] [Catalina-utility-1  ] - Post-DB initialization manager initialized
2024-11-11T08:27:14.812Z �[1;32m[jfrt ]�[0;39m �[34m[INFO ]�[0;39m [097bdc71ea837098] [o.a.m.MimeTypesReader:73      ] [Catalina-utility-1  ] - Converting mimetypes.xml version from 'v15' to 'v16'
2024-11-11T08:27:15.570Z �[1;32m[jfrt ]�[0;39m �[34m[INFO ]�[0;39m [097bdc71ea837098] [actoryContextConfigListener:88] [Catalina-utility-1  ] - Artifactory context initialization started for context: null
2024-11-11T08:27:15.572Z �[1;32m[jfrt ]�[0;39m �[34m[INFO ]�[0;39m [                ] [ctoryContextConfigListener:114] [art-init            ] - Artifactory initialization thread started for home null
2024-11-11T08:27:15.594Z �[1;32m[jfrt ]�[0;39m �[34m[INFO ]�[0;39m [17895319ece116b3] [ctoryContextConfigListener:331] [art-init            ] - 
                _   _  __           _                      ____   _____ _____
     /\        | | (_)/ _|         | |                    / __ \ / ____/ ____|
    /  \   _ __| |_ _| |_ __ _  ___| |_ ___  _ __ _   _  | |  | | (___| (___
   / /\ \ | '__| __| |  _/ _` |/ __| __/ _ \| '__| | | | | |  | |\___ \\___ \
  / ____ \| |  | |_| | || (_| | (__| || (_) | |  | |_| | | |__| |____) |___) |
 /_/    \_\_|   \__|_|_| \__,_|\___|\__\___/|_|   \__, |  \____/|_____/_____/
 Version:  7.98.8                                  __/ |
 Revision: 79808900                               |___/
 Product Version:  7.98.8
 Product Revision: 79808900
 Artifactory Home: '/opt/jfrog/artifactory'
 Node ID: 'artifactory-0'

{"log_name":"tomcat-catalina.log","app":{"datetime":"2024-11-11T08:27:15.802Z","service":"tomcat","loglevel":"INFO","class":"org.apache.catalina.startup.HostConfig","message":"Deployment of deployment descriptor [/opt/jfrog/artifactory/app/artifactory/tomcat/conf/Catalina/localhost/artifactory.xml] has finished in [5,518] ms"}}
{"log_name":"tomcat-catalina.log","app":{"datetime":"2024-11-11T08:27:15.870Z","service":"tomcat","loglevel":"INFO","class":"org.apache.catalina.startup.HostConfig","message":"Deploying web application directory [/opt/jfrog/artifactory/app/artifactory/tomcat/webapps/ROOT]"}}
{"log_name":"tomcat-catalina.log","app":{"datetime":"2024-11-11T08:27:15.872Z","service":"tomcat","loglevel":"WARNING","class":"org.apache.tomcat.util.digester.Digester","message":"Match [Context/CookieProcessor] failed to set property [forwardSlashIsSeparator] to [false]"}}
{"log_name":"tomcat-catalina.log","app":{"datetime":"2024-11-11T08:27:15.888Z","service":"tomcat","loglevel":"INFO","class":"org.apache.catalina.startup.HostConfig","message":"Deployment of web application directory [/opt/jfrog/artifactory/app/artifactory/tomcat/webapps/ROOT] has finished in [18] ms"}}
{"log_name":"tomcat-catalina.log","app":{"datetime":"2024-11-11T08:27:15.890Z","service":"tomcat","loglevel":"INFO","class":"org.apache.coyote.http11.Http11NioProtocol","message":"Starting ProtocolHandler ["http-nio-8081"]"}}
{"log_name":"tomcat-catalina.log","app":{"datetime":"2024-11-11T08:27:15.971Z","service":"tomcat","loglevel":"INFO","class":"org.apache.coyote.http11.Http11NioProtocol","message":"Starting ProtocolHandler ["http-nio-127.0.0.1-8091"]"}}
2024-11-11T08:27:16.000Z �[1;32m[jfrt ]�[0;39m �[34m[INFO ]�[0;39m [17895319ece116b3] [ifactoryApplicationContext:635] [art-init            ] - Artifactory application context set to NOT READY by refresh
2024-11-11T08:27:23.999Z �[1;32m[jfrt ]�[0;39m �[34m[INFO ]�[0;39m [17895319ece116b3] [.a.s.d.m.DbQueryMonitorImpl:91] [art-init            ] - Database cluster name=artifactory-postgresql, hash=31813cdd, db_name=artifactory
2024-11-11T08:27:26.995Z �[1;32m[jfrt ]�[0;39m �[34m[INFO ]�[0;39m [17895319ece116b3] [.b.BinariesStoreBeansConfig:47] [art-init            ] - injecting spring beans for binary-store-code module
2024-11-11T08:27:27.715Z �[1;32m[jfrt ]�[0;39m �[34m[INFO ]�[0;39m [17895319ece116b3] [acyAuthorizationServiceImpl:85] [art-init            ] - Active permissions cache type: LEGACY
2024-11-11T08:27:27.783Z �[1;32m[jfrt ]�[0;39m �[34m[INFO ]�[0;39m [17895319ece116b3] [estRateLimiterServiceV2Impl:64] [art-init            ] - OutboundRequest rate limiter is disabled
2024-11-11T08:27:28.175Z �[1;32m[jfrt ]�[0;39m �[34m[INFO ]�[0;39m [17895319ece116b3] [ritiesStorageServiceFactory:25] [art-init            ] - Initializing DB-based Priorities Storage Service
2024-11-11T08:27:28.382Z �[1;32m[jfrt ]�[0;39m �[34m[INFO ]�[0;39m [17895319ece116b3] [ueryRateLimiterServiceImpl:119] [art-init            ] - Query rate limiter is disabled
2024-11-11T08:27:28.794Z �[1;32m[jfrt ]�[0;39m �[34m[INFO ]�[0;39m [17895319ece116b3] [ctoryStorageHandlerGCConfig:32] [art-init            ] - injecting spring beans for storage-handler-gc module
2024-11-11T08:27:29.403Z �[1;32m[jfrt ]�[0;39m �[31m[WARN ]�[0;39m [17895319ece116b3] [c.z.h.HikariConfig:1095       ] [art-init            ] - JFrog HikariCP Main - idleTimeout has been set but has no effect because the pool is operating as a fixed size pool.
2024-11-11T08:27:29.421Z �[1;32m[jfrt ]�[0;39m �[31m[WARN ]�[0;39m [17895319ece116b3] [c.z.h.HikariConfig:1095       ] [art-init            ] - JFrog HikariCP Main - idleTimeout has been set but has no effect because the pool is operating as a fixed size pool.
2024-11-11T08:27:29.483Z �[1;32m[jfrt ]�[0;39m �[31m[WARN ]�[0;39m [17895319ece116b3] [c.z.h.HikariConfig:1095       ] [art-init            ] - JFrog HikariCP Main - idleTimeout has been set but has no effect because the pool is operating as a fixed size pool.
2024-11-11T08:27:29.501Z �[1;32m[jfrt ]�[0;39m �[34m[INFO ]�[0;39m [                ] [veDbLocksConnRecoveryDaemon:35] [ Connection Recovery] - Native Locks Recovery daemon is started.
2024-11-11T08:27:31.676Z �[1;32m[jfrt ]�[0;39m �[34m[INFO ]�[0;39m [17895319ece116b3] [.d.l.s.DbLocksServiceFacade:70] [art-init            ] - Automatic DB lock mechanism selected.
2024-11-11T08:27:31.793Z �[1;32m[jfrt ]�[0;39m �[34m[INFO ]�[0;39m [17895319ece116b3] [oryBinariesStoreBeansConfig:21] [art-init            ] - injecting spring beans for storage-handler-b2a-bridge module
2024-11-11T08:27:31.995Z �[1;32m[jfrt ]�[0;39m �[34m[INFO ]�[0;39m [17895319ece116b3] [.p.t.TomcatReadinessMonitor:53] [art-init            ] - TomcatReadinessMonitor properties mode: monitor, maxFailedMetricsCount: 3, minProcessedRequestsCount: 15
2024-11-11T08:27:31.996Z �[1;32m[jfrt ]�[0;39m �[34m[INFO ]�[0;39m [17895319ece116b3] [.p.t.TomcatReadinessMonitor:77] [art-init            ] - Server readiness monitor mode MONITOR
2024-11-11T08:27:34.076Z �[1;32m[jfrt ]�[0;39m �[34m[INFO ]�[0;39m [17895319ece116b3] [actorySchedulerFactoryBean:729] [art-init            ] - Starting Quartz Scheduler now
2024-11-11T08:27:34.082Z �[1;32m[jfrt ]�[0;39m �[34m[INFO ]�[0;39m [17895319ece116b3] [actorySchedulerFactoryBean:729] [art-init            ] - Starting Quartz Scheduler now
2024-11-11T08:27:34.178Z �[1;32m[jfrt ]�[0;39m �[34m[INFO ]�[0;39m [17895319ece116b3] [ifactoryApplicationContext:302] [art-init            ] - Artifactory context starting up 62 Spring Beans...
2024-11-11T08:27:34.295Z �[1;32m[jfrt ]�[0;39m �[34m[INFO ]�[0;39m [17895319ece116b3] [o.a.s.a.AccessServiceImpl:664 ] [art-init            ] - Initialized new service id: jfrt@01jc32g32z94sq0j5bmb400tfx
2024-11-11T08:27:34.377Z �[1;32m[jfrt ]�[0;39m �[34m[INFO ]�[0;39m [17895319ece116b3] [oryAccessClientConfigStore:527] [art-init            ] - Using Access Server URL: http://localhost:8046/access source: System Config
2024-11-11T08:27:35.404Z �[1;32m[jfrt ]�[0;39m �[34m[INFO ]�[0;39m [ea85587988f12501] [eyFixMemoryConsumptionHooks:49] [988f12501|art-exec-1] - Install the ByteBuddy Java agent
2024-11-11T08:27:35.898Z �[1;32m[jfrt ]�[0;39m �[34m[INFO ]�[0;39m [ea85587988f12501] [eyFixMemoryConsumptionHooks:52] [988f12501|art-exec-1] - Hook the Jersey server initialization, improving memory consumption
2024-11-11T08:27:36.588Z �[1;32m[jfrt ]�[0;39m �[34m[INFO ]�[0;39m [17895319ece116b3] [o.j.c.ExecutionUtils:289      ] [jf-common-pool-0    ] - Cluster join: Retry 5: Service registry ping failed, will retry. Error while trying to connect to local router at address 'http://localhost:8046/access': Connect to localhost:8046 [localhost/127.0.0.1, localhost/0:0:0:0:0:0:0:1] failed: Connection refused
2024-11-11T08:27:36.999Z �[1;32m[jfrt ]�[0;39m �[34m[INFO ]�[0;39m [ea85587988f12501] [eyFixMemoryConsumptionHooks:78] [988f12501|art-exec-1] - Registered the fillMediaTypes hook
2024-11-11T08:27:37.092Z �[1;32m[jfrt ]�[0;39m �[34m[INFO ]�[0;39m [ea85587988f12501] [o.a.r.s.JerseyApplication:84  ] [988f12501|art-exec-1] - Apply additional JAX-RS filters (metrics, etc.)
{"log_name":"tomcat-catalina.log","app":{"datetime":"2024-11-11T08:27:39.897Z","service":"tomcat","loglevel":"SEVERE","class":"org.glassfish.jersey.server.spring.SpringComponentProvider","message":"None or multiple beans found in Spring context for type class org.artifactory.rest.resource.federation.FederatedStatusResource, skipping the type."}}
2024-11-11T08:27:41.601Z �[1;32m[jfrt ]�[0;39m �[34m[INFO ]�[0;39m [17895319ece116b3] [o.j.c.ExecutionUtils:289      ] [jf-common-pool-1    ] - Cluster join: Retry 10: Service registry ping failed, will retry. Error while trying to connect to local router at address 'http://localhost:8046/access': Connect to localhost:8046 [localhost/127.0.0.1, localhost/0:0:0:0:0:0:0:1] failed: Connection refused
2024-11-11T08:27:46.614Z �[1;32m[jfrt ]�[0;39m �[34m[INFO ]�[0;39m [17895319ece116b3] [o.j.c.ExecutionUtils:289      ] [jf-common-pool-0    ] - Cluster join: Retry 15: Service registry ping failed, will 
...
2024-11-11T08:30:47.086Z �[1;32m[jfrt ]�[0;39m �[34m[INFO ]�[0;39m [17895319ece116b3] [o.j.c.ExecutionUtils:289      ] [jf-common-pool-0    ] - Cluster join: Retry 195: Service registry ping failed, will retry. Error while trying to connect to local router at address 'http://localhost:8046/access': Connect to localhost:8046 [localhost/127.0.0.1, localhost/0:0:0:0:0:0:0:1] failed: Connection refused
2024-11-11T08:30:52.099Z �[1;32m[jfrt ]�[0;39m �[34m[INFO ]�[0;39m [17895319ece116b3] [o.j.c.ExecutionUtils:289      ] [jf-common-pool-1    ] - Cluster join: Retry 200: Service registry ping failed, will retry. Error while trying to connect to local router at address 'http://localhost:8046/access': Connect to localhost:8046 [localhost/127.0.0.1, localhost/0:0:0:0:0:0:0:1] failed: Connection refused

What you expected to happen: artifactory starts.

How to reproduce it (as minimally and precisely as possible):

helm upgrade --install artifactory --version 107.98.8 jfrog/artifactory-oss -f values.yaml

values.yaml:

global:
    masterKeySecretName: masterkey-secret
    joinKeySecretName: joinkey-secret

artifactory:
  containerSecurityContext:
    enabled: false
  artifactory:
    podSecurityContext:
      enabled: false

    image:
      registry: releases-docker.jfrog.io
      repository: jfrog/artifactory-oss

    resources: 
      requests:
        memory: "1Gi"
        cpu: "500m"
      limits:
        memory: "4Gi"
        cpu: "1"

    javaOpts: 
     xms: "1g"
     xmx: "3g"
  installer:
    platform: art-oss-helm


  nginx:
    enabled: false
    tlsSecretName: ""
    service:
      type: LoadBalancer

  ingress:
    enabled: false
    tls:

  postgresql:
    enabled: true
    securityContext:
      enabled: false
    containerSecurityContext:
      enabled: false    

  databaseUpgradeReady: "yes"

  jfconnect:
    enabled: false
  federation:
    enabled: false

postgresql:
  enabled: true
router:
  image:
    tag: 7.135.1
initContainers:
  image:
    tag: 9.4.1227

I've also the complete combined log of all containers attatched combined_logs5.log

@RobinDuhan
Copy link

Hi @jkdev2, this seems to be failing because openshift created a read-only filesystem for the pods.

chmod: changing permissions of '/opt/jfrog/artifactory/app/access/tomcat/webapps/': Operation not permitted chmod: changing permissions of '/opt/jfrog/artifactory/app/access/tomcat/conf/': Operation not permitted chmod: changing permissions of '/opt/jfrog/artifactory/app/access/tomcat/webapps/': Operation not permitted chmod: changing permissions of '/opt/jfrog/artifactory/app/access/tomcat/conf/': Operation not permitted chmod: changing permissions of '/opt/jfrog/artifactory/app/access/tomcat/webapps/': Operation not permitted

Will you please confirm if you followed the instructions here?

@jkdev2
Copy link
Author

jkdev2 commented Nov 13, 2024

Hi @jkdev2, this seems to be failing because openshift created a read-only filesystem for the pods.

chmod: changing permissions of '/opt/jfrog/artifactory/app/access/tomcat/webapps/': Operation not permitted chmod: changing permissions of '/opt/jfrog/artifactory/app/access/tomcat/conf/': Operation not permitted chmod: changing permissions of '/opt/jfrog/artifactory/app/access/tomcat/webapps/': Operation not permitted chmod: changing permissions of '/opt/jfrog/artifactory/app/access/tomcat/conf/': Operation not permitted chmod: changing permissions of '/opt/jfrog/artifactory/app/access/tomcat/webapps/': Operation not permitted

Will you please confirm if you followed the instructions here?

Yes, I've used the OpenShift instructions to set this up. I ran some tests with different context options, and since the typical "anyuid" permission errors are no longer appearing, I think this setup is fine. The chmod errors also make sense in my opinion because those folders belong to the "artifactory" user. Given that we are using a random user in OpenShift, I think this behavior is expected.

bash-5.1$ ls -al /opt/jfrog/artifactory/app/access/
total 0
drwxrwxrwx. 4 artifactory artifactory  31 Nov  4 16:43 .
drwxrwxrwx. 1 artifactory artifactory  48 Nov  4 16:48 ..
drwxrwxrwx. 2 artifactory artifactory 119 Nov  4 16:43 bin
drwxrwxrwx. 8 artifactory artifactory 148 Nov  4 16:43 tomcat

folders in e.g. /opt/jfrog/artifactory/var/ belong to the random user

bash-5.1$ ls -al /opt/jfrog/artifactory/var/
total 28
drwxrwxrwx.  8          99          99 4096 Nov 13 01:09 .
drwxr-xr-x.  1 artifactory artifactory   25 Nov  4 16:48 ..
drwxr-xr-x.  8 1001160000           99 4096 Nov 13 00:31 backup
drwxr-xr-x.  9 1001160000           99 4096 Nov 13 00:31 bootstrap
drwxr-xr-x.  9 1001160000           99 4096 Nov 13 00:31 data
drwxr-xr-x. 12 1001160000           99 4096 Nov 13 00:31 etc
drwxr-xr-x.  4 1001160000           99 4096 Nov 13 00:31 log
-rw-r--r--.  1 1001160000           99    0 Nov 13 00:36 test.txt
drwxr-xr-x.  8 1001160000           99 4096 Nov 13 00:31 work

@jkdev2
Copy link
Author

jkdev2 commented Nov 13, 2024

The router also says that it cannot join using the access endpoint It kind of feels like a chicken-and-egg problem. The router needs the access endpoint 8040 to join and access somehow needs the router to register via port 8046.

Here is the log from router:

Testing directory /var/opt/jfrog/router has read/write permissions for user id 1001160000
Permissions for /var/opt/jfrog/router are good
Setting JF_SHARED_NODE_ID to artifactory-0
Setting JF_SHARED_NODE_IP to 10.129.34.229
Setting JF_SHARED_NODE_NAME to artifactory-0
Using default router's certificate and private key
======= Router PID 270
Logging configuration has both console=true and filepath='router-service.log'; ignoring console.
2024-11-13T10:02:17.485Z �[36m[jfrou]�[0m �[34m[INFO ]�[0m [54f0bbaab7748d66] [bootstrap.go:91               ] [main                ] [] - Router (jfrou) service initialization started. Version: 7.135.1-1 Revision: 6aa400c8f51ac46d65a54acab11607d97e466293 PID: 270 Home: /opt/jfrog/router
2024-11-13T10:02:17.486Z �[36m[jfrou]�[0m �[34m[INFO ]�[0m [54f0bbaab7748d66] [bootstrap.go:94               ] [main                ] [] - JFrog Router IP: 10.129.34.229
2024-11-13T10:02:17.487Z �[36m[jfrou]�[0m �[34m[INFO ]�[0m [54f0bbaab7748d66] [bootstrap.go:95               ] [main                ] [] - Effective configuration:
access.database.maxOpenConnections (File): 80
access.extraJavaOpts (File): -XX:InitialRAMPercentage=20 -XX:MaxRAMPercentage=70

access.http.port (Default Value): 8040
access.runOnArtifactoryTomcat (File): false
access.tomcat.connector.extraConfig (File): acceptCount="100"
access.tomcat.connector.maxThreads (File): 50
access.tomcat.connector.sendReasonPhrase (File): false
artifactory.database.maxOpenConnections (File): 80
artifactory.tomcat.connector.extraConfig (File): acceptCount="400"
artifactory.tomcat.connector.maxThreads (File): 200
artifactory.tomcat.connector.sendReasonPhrase (File): false
artifactory.tomcat.maintenanceConnector.port (File): 8091
evidence.enabled (File): false
federation.enabled (File): false
frontend.session.timeMinutes (File): 30
jfconnect.enabled (File): false
jfconnect_service.enabled (File): false
metadata.database.maxOpenConnections (File): 80
product.data.internal (Environment Variable: JF_PRODUCT_DATA_INTERNAL): /var/opt/jfrog/router
product.home (Environment Variable: JF_PRODUCT_HOME): /opt/jfrog/router
router.autoMemLimitRatio (Default Value): 0.9
router.availabilityZoneOptimization.loggingIntervalSecs (Default Value): 600
router.encryptSystemConfig (Default Value): true
router.entrypoints.externalHost (Default Value): 
router.entrypoints.externalMaxConcurrentStreams (Default Value): 500
router.entrypoints.externalPort (Default Value): 8082
router.entrypoints.grpcPort (Default Value): 8047
router.entrypoints.hotPathLogEnabled (Default Value): true
router.entrypoints.internalMaxConcurrentStreams (Default Value): 500
router.entrypoints.internalPort (Default Value): 8046
router.entrypoints.traefikApiPort (Default Value): 8049
router.httpclient.requestTimeoutSecs (Default Value): 30
router.lifecycle.shutdown.entrypointsGraceTimeout (Default Value): 10s
router.lifecycle.shutdown.internalJobsGraceTimeout (Default Value): 7s
router.logging.application.caller (Default Value): false
router.logging.application.console (Default Value): true
router.logging.application.filePath (Default Value): router-service.log
router.logging.application.format (Default Value): jftext
router.logging.application.level (Default Value): info
router.logging.application.rotation.compress (Default Value): true
router.logging.application.rotation.keepLastDecompressed (Default Value): 1
router.logging.application.rotation.maxAgeDays (Default Value): 0
router.logging.application.rotation.maxFiles (Default Value): 10
router.logging.application.rotation.maxSizeMb (Default Value): 25
router.logging.consoleLog.format (Default Value): jftext
router.logging.request.filePath (Default Value): router-request.log
router.logging.request.forwardedForLogging.enabled (Default Value): false
router.logging.request.forwardedForLogging.header (Default Value): X-Forwarded-For
router.logging.request.rotation.compress (Default Value): true
router.logging.request.rotation.keepLastDecompressed (Default Value): 1
router.logging.request.rotation.maxAgeDays (Default Value): 0
router.logging.request.rotation.maxFiles (Default Value): 10
router.logging.request.rotation.maxSizeMb (Default Value): 100
router.logging.request.tokenIdLoggingEnabled (Default Value): false
router.logging.request.verbose (Default Value): false
router.logging.traefik.caller (Default Value): false
router.logging.traefik.console (Default Value): false
router.logging.traefik.filePath (Default Value): router-traefik.log
router.logging.traefik.format (Default Value): jftext
router.logging.traefik.level (Default Value): info
router.logging.traefik.rotation.compress (Default Value): true
router.logging.traefik.rotation.keepLastDecompressed (Default Value): 1
router.logging.traefik.rotation.maxAgeDays (Default Value): 0
router.logging.traefik.rotation.maxFiles (Default Value): 10
router.logging.traefik.rotation.maxSizeMb (Default Value): 25
router.masterKeyRemoval.heartbeatCount (Default Value): 3
router.masterKeyRemoval.intervalSecs (Default Value): 60
router.masterKeyRemoval.timeoutSecs (Default Value): 600
router.metrics.tokenVerification.accessUrl (Default Value): 
router.metrics.tokenVerification.revocableExpiryThresholdSeconds (Default Value): -1
router.mtls.configCacheErrorExpirationSecs (Default Value): 15
router.mtls.configCacheExpirationSecs (Default Value): 600
router.multiTenant.cacheExpirySecs (Default Value): 86400
router.multiTenant.cacheGcPeriodSecs (Default Value): 600
router.multiTenant.transport.idleConnTimeoutSecs (Default Value): 5
router.multiTenant.transport.insecureSkipVerify (Default Value): true
router.probes.liveness.failOnLongFailingReadiness.enabled (Default Value): true
router.probes.liveness.failOnLongFailingReadiness.failureDurationSecs (Default Value): 60
router.profiling.enabled (Default Value): false
router.profiling.pprofServerPort (Default Value): 6060
router.profiling.pprofServerTimeoutSeconds (Default Value): 21600
router.proxy.httpUrl (Default Value): 
router.proxy.httpsUrl (Default Value): 
router.proxy.ignoredHosts (Default Value): []
router.redirectUnknownPathToArtifactoryEnabled (Default Value): false
router.retry.enabled (Default Value): false
router.retry.enabledOnUnavailable (Default Value): true
router.security.cipherSuites (Default Value): TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
router.serviceRegistry.accessUrl (Applicative Resolution): http://localhost:8040/access
router.serviceRegistry.insecure (File): false
router.serviceRegistry.requestTimeout (Default Value): 15s
router.serviceRegistry.skipJoinConnectivityTest (Default Value): false
router.serviceRegistry.topologyServiceTokenExpirySecs (Default Value): 7200
router.serviceRegistry.topologyUrl (Applicative Resolution): http://localhost:8040/access
router.serviceRegistry.useTopologyService (Default Value): false
router.supportBundle.aggregationTimeout (Default Value): 1h0m0s
router.topology.external.allowH2c (Default Value): true
router.topology.external.healthRequestTimeoutSecs (Default Value): 5
router.topology.external.protocolFinderCacheSecs (Default Value): 600
router.topology.external.refresh.interval (Default Value): 3s
router.topology.external.refresh.maxStaleHeartbeat (Default Value): 30s
router.topology.external.skipIpCheck (Default Value): false
router.topology.local.enableNodeStatusBroadcast (Default Value): true
router.topology.local.healthCheck.healthyThreshold (Default Value): 2
router.topology.local.healthCheck.interval (Default Value): 5s
router.topology.local.healthCheck.requestTimeout (Default Value): 5s
router.topology.local.healthCheck.unhealthyThreshold (Default Value): 2
router.topology.local.ignorePersistedServices (Default Value): false
router.topology.local.requiredServiceTypes (Environment Variable: JF_ROUTER_TOPOLOGY_LOCAL_REQUIREDSERVICETYPES): jfrt,jfac,jfob,jfmd,jfevt,jffe
shared.database.allowNonPostgresql (File): false
shared.database.driver (File): org.postgresql.Driver
shared.database.type (File): postgresql
shared.database.url (File): jdbc:postgresql://artifactory-postgresql:5432/artifactory
shared.database.username (File): artifactory
shared.extraJavaOpts (File): -Dartifactory.graceful.shutdown.max.request.duration.millis=30000 -Dartifactory.access.client.max.connections=50 -Xms1g -Xmx3g

shared.jfrogUrl (Default Value): 
shared.logging.consoleLog.enabled (File): false
shared.logging.consoleLog.format (Default Value): shared.logging.consoleLog.format
shared.logging.enableJsonConsoleLogAppenders (Default Value): false
shared.multiTenant.cellId (Default Value): 
shared.multiTenant.enabled (Default Value): false
shared.multiTenant.tenantRegistryClient.caCert (Default Value): 
shared.multiTenant.tenantRegistryClient.cacheExpirationSecs (Default Value): 21600
shared.multiTenant.tenantRegistryClient.clientCert (Default Value): 
shared.multiTenant.tenantRegistryClient.clientCertKey (Default Value): *****
shared.multiTenant.tenantRegistryClient.dialTimeoutSecs (Default Value): 10
shared.multiTenant.tenantRegistryClient.endpoints (Default Value): []
shared.multiTenant.tenantRegistryClient.requestTimeoutSecs (Default Value): 30
shared.newrelic.appName (Default Value): 
shared.newrelic.distributedTracerEnabled (Default Value): true
shared.newrelic.enableDebugLog (Default Value): false
shared.newrelic.enabled (Default Value): false
shared.newrelic.licenseKey (Default Value): *****
shared.node.availabilityZoneId (Default Value): 
shared.node.id (Environment Variable: JF_SHARED_NODE_ID): artifactory-0
shared.node.ip (Environment Variable: JF_SHARED_NODE_IP): 10.129.34.229
shared.node.name (Environment Variable: JF_SHARED_NODE_NAME): artifactory-0
shared.node.port (Default Value): 0
shared.node.tlsEnabled (Default Value): false
shared.security.bootstrapKeysReadTimeoutSecs (Default Value): 300
shared.security.joinKeyFile (Default Value): etc/security/join.key
shared.security.masterKeyExternal (Default Value): false
shared.security.masterKeyFile (Default Value): etc/security/master.key
system.yaml (Environment Variable: JF_SYSTEM_YAML): /opt/jfrog/router/var/etc/system.yaml
topology.grpcPort (Default Value): 8021
topology.port (Default Value): 8020
2024-11-13T10:02:17.489Z �[36m[jfrou]�[0m �[34m[INFO ]�[0m [54f0bbaab7748d66] [bootstrap.go:144              ] [main                ] [] - System configuration encryption report:
shared.multiTenant.tenantRegistryClient.clientCertKey: does not exist in the config file
shared.newrelic.licenseKey: does not exist in the config file
shared.security.joinKeyFile: file '/opt/jfrog/router/var/etc/security/join.key' - already encrypted
2024-11-13T10:02:17.491Z �[36m[jfrou]�[0m �[34m[INFO ]�[0m [54f0bbaab7748d66] [environment.go:63             ] [main                ] [] - MemoryLimit set to 483183820 (ratio: 0.90)
2024-11-13T10:02:17.492Z �[36m[jfrou]�[0m �[34m[INFO ]�[0m [54f0bbaab7748d66] [bootstrap.go:99               ] [main                ] [] - JFrog Router Service ID: jfrou@01jcheytqbbc0hd9x08bdm312f
2024-11-13T10:02:17.492Z �[36m[jfrou]�[0m �[34m[INFO ]�[0m [54f0bbaab7748d66] [bootstrap.go:100              ] [main                ] [] - JFrog Router Node ID: artifactory-0
2024-11-13T10:02:17.502Z �[36m[jfrou]�[0m �[34m[INFO ]�[0m [54f0bbaab7748d66] [trusted.go:36                 ] [main                ] [] - System cert pool contents were loaded as trusted CAs for TLS communication
2024-11-13T10:02:17.504Z �[36m[jfrou]�[0m �[34m[INFO ]�[0m [54f0bbaab7748d66] [trusted.go:58                 ] [main                ] [] - No certificate to be loaded as trusted CAs found in []
2024-11-13T10:02:17.504Z �[36m[jfrou]�[0m �[34m[INFO ]�[0m [54f0bbaab7748d66] [trusted.go:36                 ] [main                ] [] - System cert pool contents were loaded as trusted CAs for TLS communication
2024-11-13T10:02:17.504Z �[36m[jfrou]�[0m �[34m[INFO ]�[0m [54f0bbaab7748d66] [trusted.go:58                 ] [main                ] [] - No certificate to be loaded as trusted CAs found in []
2024-11-13T10:02:46.482Z �[36m[jfrou]�[0m �[34m[INFO ]�[0m [54f0bbaab7748d66] [join_executor.go:117          ] [main                ] [] - Cluster join: Trying to rejoin the cluster http://localhost:8040/access
2024-11-13T10:02:49.103Z �[36m[jfrou]�[0m �[31;1m[FATAL]�[0m [54f0bbaab7748d66] [e_tenant_services_holder.go:41] [main                ] [] - Failed joining Access: cluster join: Failed joining the cluster; Error: error while trying to connect to service registry at address 'http://localhost:8040/access': do secure: Post "http://localhost:8040/access/api/v1/registry/join/router": EOF
could not join Access
jfrog.com/jfrog-router/v7/internal/app/application/services.joinAccess
	jfrog.com/jfrog-router/v7/internal/app/application/services/join_access.go:36
jfrog.com/jfrog-router/v7/internal/app/application/services.NewSingleTenantServicesHolder
	jfrog.com/jfrog-router/v7/internal/app/application/services/single_tenant_services_holder.go:39
jfrog.com/jfrog-router/v7/internal/app/application.createServicesHolder
	jfrog.com/jfrog-router/v7/internal/app/application/bootstrap.go:74
jfrog.com/jfrog-router/v7/internal/app/application.Bootstrap
	jfrog.com/jfrog-router/v7/internal/app/application/bootstrap.go:52
main.runApplication
	jfrog.com/jfrog-router/v7/cmd/jf-router/main.go:52
main.main
	jfrog.com/jfrog-router/v7/cmd/jf-router/main.go:38
runtime.main
	runtime/proc.go:272
runtime.goexit
	runtime/asm_amd64.s:1700
Exit status: 1

@RobinDuhan
Copy link

Can you confirm if a read-only security constraint is being enforced in your cluster? Can you also share access logs?

@jkdev2
Copy link
Author

jkdev2 commented Nov 13, 2024

Can you confirm if a read-only security constraint is being enforced in your cluster? Can you also share access logs?

The PVC is mounted with Read/write. The access log is provided above in the first post. Here is the Pod-Description, maybe it helps:

Name:             artifactory-0
Namespace:        ocp0101
Priority:         0
Service Account:  default
Node:             ...
Start Time:       Wed, 13 Nov 2024 11:59:47 +0100
Labels:           app=artifactory
                  chart=artifactory-107.98.8
                  component=artifactory
                  controller-revision-hash=artifactory-7599959947
                  heritage=Helm
                  release=artifactory
                  role=artifactory
                  statefulset.kubernetes.io/pod-name=artifactory-0
Annotations:      checksum/artifactory-unified-secret: d0905b8f04c9a41562d34babaf4940feb666b8adeb8e0bdfdf71998e05749faf
                  k8s.v1.cni.cncf.io/network-status:
                    [{
                        "name": "openshift-sdn",
                        "interface": "eth0",
                        "ips": [
                            "10.110.19.251"
                        ],
                        "default": true,
                        "dns": {}
                    }]
                  kubernetes.io/limit-ranger:
                    LimitRanger plugin set: cpu, memory request for container router; cpu, memory limit for container router; cpu, memory request for containe...
                  openshift.io/scc: restricted-v2
                  seccomp.security.alpha.kubernetes.io/pod: runtime/default
Status:           Running
SeccompProfile:   RuntimeDefault
IP:               10.110.19.251
IPs:
  IP:           10.110.19.251
Controlled By:  StatefulSet/artifactory
Init Containers:
  delete-db-properties:
    Container ID:  cri-o://46f0ada0da8abfae31d7e1216660b0f9e2cc8c4377fdbd6cb22aa21daa0c061f
    Image:         releases-docker.jfrog.io/ubi9/ubi-minimal:9.4.1227
    Image ID:      releases-docker.jfrog.io/ubi9/ubi-minimal@sha256:03e5da53b375946ee17dd95a6d0799f5b39e048927b8de976fdb775e1390be9c
    Port:          <none>
    Host Port:     <none>
    Command:
      bash
      -c
      rm -fv /var/opt/jfrog/artifactory/etc/db.properties
    State:          Terminated
      Reason:       Completed
      Exit Code:    0
      Started:      Wed, 13 Nov 2024 11:59:52 +0100
      Finished:     Wed, 13 Nov 2024 11:59:52 +0100
    Ready:          True
    Restart Count:  0
    Limits:
      cpu:     1
      memory:  1Gi
    Requests:
      cpu:        80m
      memory:     716Mi
    Environment:  <none>
    Mounts:
      /var/opt/jfrog/artifactory from artifactory-volume (rw)
      /var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-tg9t9 (ro)
  copy-system-configurations:
    Container ID:  cri-o://16135fbf3dd1c2cb4a71dd47ab8044830cd4fb33640eca023d73d27450d667cb
    Image:         releases-docker.jfrog.io/ubi9/ubi-minimal:9.4.1227
    Image ID:      releases-docker.jfrog.io/ubi9/ubi-minimal@sha256:03e5da53b375946ee17dd95a6d0799f5b39e048927b8de976fdb775e1390be9c
    Port:          <none>
    Host Port:     <none>
    Command:
      /bin/bash
      -c
      if [[ -e "/var/opt/jfrog/artifactory/etc/filebeat.yaml" ]]; then chmod 644 /var/opt/jfrog/artifactory/etc/filebeat.yaml; fi; echo "Copy system.yaml to /var/opt/jfrog/artifactory/etc"; mkdir -p /var/opt/jfrog/artifactory/etc; mkdir -p /var/opt/jfrog/artifactory/etc/access/keys/trusted; cp -fv /tmp/etc/system.yaml /var/opt/jfrog/artifactory/etc/system.yaml; echo "Copy binarystore.xml file"; mkdir -p /var/opt/jfrog/artifactory/etc/artifactory; cp -fv /tmp/etc/artifactory/binarystore.xml /var/opt/jfrog/artifactory/etc/artifactory/binarystore.xml; echo "Copy access.config.patch.yml to /var/opt/jfrog/artifactory/etc/access"; mkdir -p /var/opt/jfrog/artifactory/etc/access; cp -fv /tmp/etc/access.config.patch.yml /var/opt/jfrog/artifactory/etc/access/access.config.patch.yml; echo "Copy joinKey to /var/opt/jfrog/artifactory/bootstrap/access/etc/security"; mkdir -p /var/opt/jfrog/artifactory/bootstrap/access/etc/security; echo -n ${ARTIFACTORY_JOIN_KEY} > /var/opt/jfrog/artifactory/bootstrap/access/etc/security/join.key; echo "Copy masterKey to /var/opt/jfrog/artifactory/etc/security"; mkdir -p /var/opt/jfrog/artifactory/etc/security; echo -n ${ARTIFACTORY_MASTER_KEY} > /var/opt/jfrog/artifactory/etc/security/master.key;
      
    State:          Terminated
      Reason:       Completed
      Exit Code:    0
      Started:      Wed, 13 Nov 2024 11:59:53 +0100
      Finished:     Wed, 13 Nov 2024 11:59:53 +0100
    Ready:          True
    Restart Count:  0
    Limits:
      cpu:     1
      memory:  1Gi
    Requests:
      cpu:     80m
      memory:  716Mi
    Environment:
      ARTIFACTORY_JOIN_KEY:    <set to the key 'join-key' in secret 'joinkey-secret'>      Optional: false
      ARTIFACTORY_MASTER_KEY:  <set to the key 'master-key' in secret 'masterkey-secret'>  Optional: false
    Mounts:
      /tmp/etc/access.config.patch.yml from artifactory-unified-secret-volume (rw,path="access.config.patch.yml")
      /tmp/etc/artifactory/binarystore.xml from artifactory-unified-secret-volume (rw,path="binarystore.xml")
      /tmp/etc/system.yaml from artifactory-unified-secret-volume (rw,path="system.yaml")
      /var/opt/jfrog/artifactory from artifactory-volume (rw)
      /var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-tg9t9 (ro)
  wait-for-db:
    Container ID:  cri-o://2506492d2bf74112c76ac65d8195e766f01494854186fd85886c45b57c46a665
    Image:         releases-docker.jfrog.io/ubi9/ubi-minimal:9.4.1227
    Image ID:      releases-docker.jfrog.io/ubi9/ubi-minimal@sha256:03e5da53b375946ee17dd95a6d0799f5b39e048927b8de976fdb775e1390be9c
    Port:          <none>
    Host Port:     <none>
    Command:
      /bin/bash
      -c
      echo "Waiting for postgresql to come up"
      ready=false;
      while ! $ready; do echo waiting;
        timeout 2s bash -c "</dev/tcp/artifactory-postgresql/5432"; exit_status=$?;
        if [[ $exit_status -eq 0 ]]; then ready=true; echo "database ok"; fi; sleep 1;
      done
      
    State:          Terminated
      Reason:       Completed
      Exit Code:    0
      Started:      Wed, 13 Nov 2024 11:59:54 +0100
      Finished:     Wed, 13 Nov 2024 11:59:55 +0100
    Ready:          True
    Restart Count:  0
    Limits:
      cpu:     1
      memory:  1Gi
    Requests:
      cpu:        80m
      memory:     716Mi
    Environment:  <none>
    Mounts:
      /var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-tg9t9 (ro)
Containers:
  router:
    Container ID:  cri-o://5473d821ebd1addc0eb5bfea34d98ce928bf936eee72269dd6a622a140722209
    Image:         releases-docker.jfrog.io/jfrog/router:7.135.1
    Image ID:      releases-docker.jfrog.io/jfrog/router@sha256:5b51cbdf6787e2c612b3c7ceb1650309516d9b2e1bd4cba392d606f67a120d85
    Port:          <none>
    Host Port:     <none>
    Command:
      /bin/bash
      -c
      exec /opt/jfrog/router/app/bin/entrypoint-router.sh
      
    State:          Running
      Started:      Wed, 13 Nov 2024 14:29:07 +0100
    Last State:     Terminated
      Reason:       Completed
      Exit Code:    0
      Started:      Wed, 13 Nov 2024 14:22:01 +0100
      Finished:     Wed, 13 Nov 2024 14:23:55 +0100
    Ready:          False
    Restart Count:  37
    Limits:
      cpu:     500m
      memory:  512Mi
    Requests:
      cpu:      40m
      memory:   358Mi
    Liveness:   exec [sh -c curl -s -k --fail --max-time 5 http://localhost:8082/router/api/v1/system/liveness] delay=0s timeout=5s period=10s #success=1 #failure=5
    Readiness:  exec [sh -c curl -s -k --fail --max-time 5 http://localhost:8082/router/api/v1/system/readiness] delay=0s timeout=5s period=10s #success=1 #failure=5
    Startup:    exec [sh -c curl -s -k --fail --max-time 5 http://localhost:8082/router/api/v1/system/readiness] delay=10s timeout=5s period=5s #success=1 #failure=30
    Environment:
      JF_ROUTER_TOPOLOGY_LOCAL_REQUIREDSERVICETYPES:  jfrt,jfac,jfob,jfmd,jfevt,jffe
    Mounts:
      /var/opt/jfrog/router from artifactory-volume (rw)
      /var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-tg9t9 (ro)
  frontend:
    Container ID:  cri-o://2450bb9cab0d990f9390c15b4bad5fae876837756fe9aadf7e0eed7a2e031afe
    Image:         releases-docker.jfrog.io/jfrog/artifactory-oss:7.98.8
    Image ID:      releases-docker.jfrog.io/jfrog/artifactory-oss@sha256:b6431a92318ae29d6ef0881abe89cf49a1bd3047a0c276fde152c2444dee5566
    Port:          <none>
    Host Port:     <none>
    Command:
      /bin/bash
      -c
      exec /opt/jfrog/artifactory/app/third-party/node/bin/node /opt/jfrog/artifactory/app/frontend/bin/server/dist/bundle.js /opt/jfrog/artifactory/app/frontend
      
    State:          Running
      Started:      Wed, 13 Nov 2024 14:26:46 +0100
    Last State:     Terminated
      Reason:       Completed
      Exit Code:    0
      Started:      Wed, 13 Nov 2024 14:23:21 +0100
      Finished:     Wed, 13 Nov 2024 14:26:46 +0100
    Ready:          False
    Restart Count:  28
    Limits:
      cpu:     500m
      memory:  512Mi
    Requests:
      cpu:     40m
      memory:  358Mi
    Liveness:  exec [sh -c curl --fail --max-time 5 http://localhost:8070/api/v1/system/liveness] delay=0s timeout=5s period=10s #success=1 #failure=5
    Startup:   exec [sh -c curl --fail --max-time 5 http://localhost:8070/api/v1/system/readiness] delay=30s timeout=5s period=5s #success=1 #failure=90
    Environment:
      JF_SHARED_NODE_ID:  artifactory-0 (v1:metadata.name)
    Mounts:
      /var/opt/jfrog/artifactory from artifactory-volume (rw)
      /var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-tg9t9 (ro)
  metadata:
    Container ID:  cri-o://f9fde4b31f8efafbb2073c06203788ed28113d900cdf250afef21d3a4cbd455d
    Image:         releases-docker.jfrog.io/jfrog/artifactory-oss:7.98.8
    Image ID:      releases-docker.jfrog.io/jfrog/artifactory-oss@sha256:b6431a92318ae29d6ef0881abe89cf49a1bd3047a0c276fde152c2444dee5566
    Port:          <none>
    Host Port:     <none>
    Command:
      /bin/bash
      -c
      exec /opt/jfrog/artifactory/app/metadata/bin/jf-metadata start
      
    State:          Running
      Started:      Wed, 13 Nov 2024 14:27:42 +0100
    Last State:     Terminated
      Reason:       Error
      Exit Code:    2
      Started:      Wed, 13 Nov 2024 14:17:41 +0100
      Finished:     Wed, 13 Nov 2024 14:22:41 +0100
    Ready:          False
    Restart Count:  27
    Limits:
      cpu:     500m
      memory:  512Mi
    Requests:
      cpu:     40m
      memory:  358Mi
    Liveness:  exec [sh -c curl --fail --max-time 5 http://localhost:8086/api/v1/system/liveness] delay=0s timeout=5s period=10s #success=1 #failure=5
    Startup:   exec [sh -c curl --fail --max-time 5 http://localhost:8086/api/v1/system/readiness] delay=30s timeout=5s period=5s #success=1 #failure=90
    Environment:
      JF_SHARED_NODE_ID:            artifactory-0 (v1:metadata.name)
      JF_SHARED_DATABASE_PASSWORD:  <set to the key 'postgresql-password' in secret 'artifactory-postgresql'>  Optional: false
    Mounts:
      /var/opt/jfrog/artifactory from artifactory-volume (rw)
      /var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-tg9t9 (ro)
  event:
    Container ID:  cri-o://b7b4046ba9e0c885f39f75d6fc31b88743c4d30cc42e84d56ae52e47ed7cd737
    Image:         releases-docker.jfrog.io/jfrog/artifactory-oss:7.98.8
    Image ID:      releases-docker.jfrog.io/jfrog/artifactory-oss@sha256:b6431a92318ae29d6ef0881abe89cf49a1bd3047a0c276fde152c2444dee5566
    Port:          <none>
    Host Port:     <none>
    Command:
      /bin/bash
      -c
      exec /opt/jfrog/artifactory/app/event/bin/jf-event start
      
    State:          Running
      Started:      Wed, 13 Nov 2024 14:27:42 +0100
    Last State:     Terminated
      Reason:       Error
      Exit Code:    1
      Started:      Wed, 13 Nov 2024 14:17:41 +0100
      Finished:     Wed, 13 Nov 2024 14:22:41 +0100
    Ready:          False
    Restart Count:  27
    Limits:
      cpu:     500m
      memory:  512Mi
    Requests:
      cpu:     40m
      memory:  358Mi
    Liveness:  exec [sh -c curl --fail --max-time 5 http://localhost:8061/api/v1/system/liveness] delay=0s timeout=5s period=10s #success=1 #failure=5
    Startup:   exec [sh -c curl --fail --max-time 5 http://localhost:8061/api/v1/system/readiness] delay=30s timeout=5s period=5s #success=1 #failure=90
    Environment:
      JF_SHARED_NODE_ID:  artifactory-0 (v1:metadata.name)
    Mounts:
      /var/opt/jfrog/artifactory from artifactory-volume (rw)
      /var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-tg9t9 (ro)
  access:
    Container ID:  cri-o://d456789a3b78e3939df1e8f98f8d4dad84428199c2dc6a5ca2572d38d069c6ec
    Image:         releases-docker.jfrog.io/jfrog/artifactory-oss:7.98.8
    Image ID:      releases-docker.jfrog.io/jfrog/artifactory-oss@sha256:b6431a92318ae29d6ef0881abe89cf49a1bd3047a0c276fde152c2444dee5566
    Port:          <none>
    Host Port:     <none>
    Command:
      /bin/bash
      -c
      set -e; exec /opt/jfrog/artifactory/app/access/bin/entrypoint-access.sh
      
    State:          Running
      Started:      Wed, 13 Nov 2024 14:29:07 +0100
    Last State:     Terminated
      Reason:       OOMKilled
      Exit Code:    0
      Started:      Wed, 13 Nov 2024 14:21:47 +0100
      Finished:     Wed, 13 Nov 2024 14:23:55 +0100
    Ready:          False
    Restart Count:  25
    Limits:
      cpu:     500m
      memory:  512Mi
    Requests:
      cpu:     40m
      memory:  358Mi
    Liveness:  exec [sh -c curl --fail --max-time 5 http://localhost:8040/access/api/v1/system/liveness] delay=0s timeout=5s period=10s #success=1 #failure=5
    Startup:   exec [sh -c curl --fail --max-time 5 http://localhost:8040/access/api/v1/system/readiness] delay=5s timeout=5s period=5s #success=1 #failure=30
    Environment:
      JF_SHARED_DATABASE_PASSWORD:  <set to the key 'postgresql-password' in secret 'artifactory-postgresql'>  Optional: false
    Mounts:
      /var/opt/jfrog/artifactory from artifactory-volume (rw)
      /var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-tg9t9 (ro)
  observability:
    Container ID:  cri-o://6bafa0db24e934933af24cca8ffca8985af51bf4ee3559b6e645da71898346ad
    Image:         releases-docker.jfrog.io/jfrog/artifactory-oss:7.98.8
    Image ID:      releases-docker.jfrog.io/jfrog/artifactory-oss@sha256:b6431a92318ae29d6ef0881abe89cf49a1bd3047a0c276fde152c2444dee5566
    Port:          <none>
    Host Port:     <none>
    Command:
      /bin/bash
      -c
      exec /opt/jfrog/artifactory/app/observability/bin/jf-observability start
      
    State:          Running
      Started:      Wed, 13 Nov 2024 14:26:51 +0100
    Last State:     Terminated
      Reason:       Error
      Exit Code:    2
      Started:      Wed, 13 Nov 2024 14:23:21 +0100
      Finished:     Wed, 13 Nov 2024 14:26:51 +0100
    Ready:          False
    Restart Count:  28
    Limits:
      cpu:     500m
      memory:  512Mi
    Requests:
      cpu:     40m
      memory:  358Mi
    Liveness:  exec [sh -c curl --fail --max-time 5 http://localhost:8036/api/v1/system/liveness] delay=0s timeout=5s period=10s #success=1 #failure=5
    Startup:   exec [sh -c curl --fail --max-time 5 http://localhost:8036/api/v1/system/readiness] delay=30s timeout=5s period=5s #success=1 #failure=90
    Environment:
      JF_SHARED_NODE_ID:  artifactory-0 (v1:metadata.name)
    Mounts:
      /var/opt/jfrog/artifactory from artifactory-volume (rw)
      /var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-tg9t9 (ro)
  artifactory:
    Container ID:  cri-o://b1f0d51c351d9029e9ced9eba2656ffd54d356b370dd601cfc40cca419e74def
    Image:         releases-docker.jfrog.io/jfrog/artifactory-oss:7.98.8
    Image ID:      releases-docker.jfrog.io/jfrog/artifactory-oss@sha256:b6431a92318ae29d6ef0881abe89cf49a1bd3047a0c276fde152c2444dee5566
    Ports:         8082/TCP, 8081/TCP
    Host Ports:    0/TCP, 0/TCP
    Command:
      /bin/bash
      -c
      set -e; if [ -d /artifactory_extra_conf ] && [ -d /artifactory_bootstrap ]; then
        echo "Copying bootstrap config from /artifactory_extra_conf to /artifactory_bootstrap";
        cp -Lrfv /artifactory_extra_conf/ /artifactory_bootstrap/;
      fi; exec /entrypoint-artifactory.sh
      
    State:          Running
      Started:      Wed, 13 Nov 2024 14:27:15 +0100
    Last State:     Terminated
      Reason:       Error
      Exit Code:    143
      Started:      Wed, 13 Nov 2024 14:19:30 +0100
      Finished:     Wed, 13 Nov 2024 14:27:14 +0100
    Ready:          False
    Restart Count:  19
    Limits:
      cpu:     1
      memory:  4Gi
    Requests:
      cpu:     80m
      memory:  2867Mi
    Liveness:  exec [sh -c curl -s -k --fail --max-time 5 http://localhost:8091/artifactory/api/v1/system/liveness] delay=0s timeout=5s period=10s #success=1 #failure=5
    Startup:   exec [sh -c curl -s -k --fail --max-time 5 http://localhost:8091/artifactory/api/v1/system/readiness] delay=10s timeout=5s period=5s #success=1 #failure=90
    Environment:
      JF_ROUTER_ENABLED:             true
      JF_ROUTER_SERVICE_ENABLED:     false
      JF_EVENT_ENABLED:              false
      JF_METADATA_ENABLED:           false
      JF_FRONTEND_ENABLED:           false
      JF_FEDERATION_ENABLED:         false
      JF_OBSERVABILITY_ENABLED:      false
      JF_JFCONNECT_SERVICE_ENABLED:  false
      JF_EVIDENCE_ENABLED:           false
      JF_ACCESS_ENABLED:             false
      JF_SHARED_DATABASE_PASSWORD:   <set to the key 'postgresql-password' in secret 'artifactory-postgresql'>  Optional: false
    Mounts:
      /artifactory_bootstrap/info/installer-info.json from installer-info (rw,path="installer-info.json")
      /tmp/etc/artifactory/binarystore.xml from artifactory-unified-secret-volume (rw,path="binarystore.xml")
      /var/opt/jfrog/artifactory from artifactory-volume (rw)
      /var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-tg9t9 (ro)
Conditions:
  Type              Status
  Initialized       True 
  Ready             False 
  ContainersReady   False 
  PodScheduled      True 
Volumes:
  artifactory-volume:
    Type:       PersistentVolumeClaim (a reference to a PersistentVolumeClaim in the same namespace)
    ClaimName:  artifactory-volume-artifactory-0
    ReadOnly:   false
  installer-info:
    Type:      ConfigMap (a volume populated by a ConfigMap)
    Name:      artifactory-installer-info
    Optional:  false
  artifactory-configmaps:
    Type:      ConfigMap (a volume populated by a ConfigMap)
    Name:      artifactory-configmaps
    Optional:  false
  artifactory-unified-secret-volume:
    Type:        Secret (a volume populated by a Secret)
    SecretName:  artifactory-unified-secret
    Optional:    false
  kube-api-access-tg9t9:
    Type:                    Projected (a volume that contains injected data from multiple sources)
    TokenExpirationSeconds:  3607
    ConfigMapName:           kube-root-ca.crt
    ConfigMapOptional:       <nil>
    DownwardAPI:             true
    ConfigMapName:           openshift-service-ca.crt
    ConfigMapOptional:       <nil>
QoS Class:                   Burstable
Node-Selectors:              <none>
Tolerations:                 node.kubernetes.io/memory-pressure:NoSchedule op=Exists
                             node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
                             node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
Events:
  Type     Reason          Age                   From               Message
  ----     ------          ----                  ----               -------
  Normal   Scheduled       149m                  default-scheduler  Successfully assigned ocp0101/artifactory-0 to delta-d8v3-bcqw9-reserved-worker-westeurope2-x89fh
  Normal   AddedInterface  149m                  multus             Add eth0 [10.110.19.251/23] from openshift-sdn
  Normal   Pulled          149m                  kubelet            Container image "releases-docker.jfrog.io/ubi9/ubi-minimal:9.4.1227" already present on machine
  Normal   Created         149m                  kubelet            Created container delete-db-properties
  Normal   Started         149m                  kubelet            Started container delete-db-properties
  Normal   Pulled          149m                  kubelet            Container image "releases-docker.jfrog.io/ubi9/ubi-minimal:9.4.1227" already present on machine
  Normal   Created         149m                  kubelet            Created container copy-system-configurations
  Normal   Started         149m                  kubelet            Started container copy-system-configurations
  Normal   Pulled          149m                  kubelet            Container image "releases-docker.jfrog.io/ubi9/ubi-minimal:9.4.1227" already present on machine
  Normal   Created         149m                  kubelet            Created container wait-for-db
  Normal   Started         149m                  kubelet            Started container wait-for-db
  Normal   Started         149m                  kubelet            Started container frontend
  Normal   Started         149m                  kubelet            Started container event
  Normal   Started         149m                  kubelet            Started container router
  Normal   Pulled          149m                  kubelet            Container image "releases-docker.jfrog.io/jfrog/artifactory-oss:7.98.8" already present on machine
  Normal   Created         149m                  kubelet            Created container frontend
  Normal   Pulled          149m                  kubelet            Container image "releases-docker.jfrog.io/jfrog/artifactory-oss:7.98.8" already present on machine
  Normal   Pulled          149m                  kubelet            Container image "releases-docker.jfrog.io/jfrog/artifactory-oss:7.98.8" already present on machine
  Normal   Created         149m                  kubelet            Created container metadata
  Normal   Started         149m                  kubelet            Started container metadata
  Normal   Pulled          149m                  kubelet            Container image "releases-docker.jfrog.io/jfrog/artifactory-oss:7.98.8" already present on machine
  Normal   Created         149m                  kubelet            Created container event
  Normal   Created         149m                  kubelet            Created container router
  Normal   Pulled          149m                  kubelet            Container image "releases-docker.jfrog.io/jfrog/artifactory-oss:7.98.8" already present on machine
  Normal   Created         149m                  kubelet            Created container access
  Normal   Started         149m                  kubelet            Started container access
  Normal   Pulled          124m (x9 over 149m)   kubelet            Container image "releases-docker.jfrog.io/jfrog/router:7.135.1" already present on machine
  Warning  Unhealthy       79m (x289 over 149m)  kubelet            Startup probe failed:
  Warning  Unhealthy       64m (x732 over 148m)  kubelet            Startup probe failed:   % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
\r  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0\r  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
curl: (7) Failed to connect to localhost port 8070: Connection refused
  Warning  Unhealthy  54m (x834 over 148m)  kubelet  Startup probe failed:   % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
\r  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0\r  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
curl: (7) Failed to connect to localhost port 8036: Connection refused
  Warning  Unhealthy  39m (x943 over 148m)  kubelet  Startup probe failed:   % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
\r  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0\r  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
curl: (7) Failed to connect to localhost port 8086: Connection refused
  Warning  BackOff    34m (x215 over 135m)   kubelet  Back-off restarting failed container metadata in pod artifactory-0_ocp0101(8ec240df-3b3d-4d9f-b37f-705c88eb4103)
  Warning  Unhealthy  14m (x1125 over 148m)  kubelet  Startup probe failed:   % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
\r  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0\r  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
curl: (7) Failed to connect to localhost port 8061: Connection refused
  Warning  Unhealthy  9m25s (x1603 over 149m)  kubelet  Startup probe failed:
  Warning  BackOff    4m25s (x719 over 145m)   kubelet  Back-off restarting failed container router in pod artifactory-0_ocp0101(8ec240df-3b3d-4d9f-b37f-705c88eb4103)

@jkdev2
Copy link
Author

jkdev2 commented Nov 13, 2024

Just saw there is a OOMKilled error in the access-container. I think fixed this in a previous attempt, but I'll let you know if the problem is still there.

@jkdev2
Copy link
Author

jkdev2 commented Nov 13, 2024

The access-container keeps restarting. It's not quite clear what is the root-cause for the restarts. Do you think it is the System.yaml validation failed error?

Preparing to run Access in Docker
Running as uid=1001160000(1001160000) gid=0(root) groups=0(root),1001160000
Resolved .shared.database.type (postgresql) from /opt/jfrog/artifactory/var/etc/system.yaml
Resolved .shared.database.url (__sensitive_key_hidden___) from /opt/jfrog/artifactory/var/etc/system.yaml
Waiting for DB postgresql to be ready on artifactory-postgresql/5432 for 30 seconds
Copying Access bootstrap files
2024-11-13T15:43:09.492Z [shell] �[38;5;69m[INFO ]�[0m [] [systemYamlHelper.sh:621       ] [main] - Resolved .access.tomcat.connector.maxThreads (50) from /opt/jfrog/artifactory/var/etc/system.yaml
2024-11-13T15:43:09.773Z [shell] �[38;5;69m[INFO ]�[0m [] [systemYamlHelper.sh:621       ] [main] - Resolved .access.tomcat.connector.extraConfig (acceptCount="100") from /opt/jfrog/artifactory/var/etc/system.yaml
2024-11-13T15:43:10.096Z [shell] �[38;5;69m[INFO ]�[0m [] [systemYamlHelper.sh:621       ] [main] - Resolved .shared.extraJavaOpts (__sensitive_key_hidden___) from /opt/jfrog/artifactory/var/etc/system.yaml
2024-11-13T15:43:10.376Z [shell] �[38;5;69m[INFO ]�[0m [] [systemYamlHelper.sh:621       ] [main] - Resolved .shared.extraJavaOpts (__sensitive_key_hidden___) from /opt/jfrog/artifactory/var/etc/system.yaml
2024-11-13T15:43:10.773Z [shell] �[38;5;69m[INFO ]�[0m [] [systemYamlHelper.sh:621       ] [main] - Resolved .shared.database.type (postgresql) from /opt/jfrog/artifactory/var/etc/system.yaml
2024-11-13T15:43:11.470Z [shell] �[38;5;69m[INFO ]�[0m [] [systemYamlHelper.sh:621       ] [main] - Resolved .shared.database.url (__sensitive_key_hidden___) from /opt/jfrog/artifactory/var/etc/system.yaml
2024-11-13T15:43:11.772Z [shell] �[38;5;69m[INFO ]�[0m [] [systemYamlHelper.sh:621       ] [main] - Resolved JF_SHARED_DATABASE_PASSWORD (__sensitive_key_hidden___) from environment variable
2024-11-13T15:43:11.975Z [shell] �[38;5;69m[INFO ]�[0m [] [systemYamlHelper.sh:621       ] [main] - Resolved .access.database.maxOpenConnections (80) from /opt/jfrog/artifactory/var/etc/system.yaml
2024-11-13T15:43:12.494Z [shell] �[38;5;69m[INFO ]�[0m [] [installerCommon.sh:1632       ] [main] - Checking open files and processes limits
2024-11-13T15:43:12.578Z [shell] �[38;5;69m[INFO ]�[0m [] [installerCommon.sh:1635       ] [main] - Current max open files is 1048576
2024-11-13T15:43:12.674Z [shell] �[38;5;69m[INFO ]�[0m [] [installerCommon.sh:1646       ] [main] - Current max open processes is 4194304
.jfconnect_service key is misplaced or doesnt apply at this location
yaml validation failed
2024-11-13T15:43:12.788Z [shell] �[1;31m[WARN ]�[0m [] [installerCommon.sh:819        ] [main] - System.yaml validation failed
[TRACE] JDBC to PostgreSQL URL conversion: begin
[INFO ] No ssl parameter found, falling back to sslmode=disable
[TRACE] JDBC to PostgreSQL URL conversion: end

Database connection successful
2024-11-13T15:43:13.101Z [shell] �[38;5;69m[INFO ]�[0m [] [installerCommon.sh:1715       ] [main] - Testing directory /opt/jfrog/artifactory/var has read/write permissions for user id 1001160000
2024-11-13T15:43:13.190Z [shell] �[38;5;69m[INFO ]�[0m [] [installerCommon.sh:1730       ] [main] - Permissions for /opt/jfrog/artifactory/var are good
2024-11-13T15:43:13.580Z [shell] �[38;5;69m[INFO ]�[0m [] [installerCommon.sh:3508       ] [main] - Setting JF_SHARED_NODE_ID to artifactory-0
2024-11-13T15:43:13.792Z [shell] �[38;5;69m[INFO ]�[0m [] [installerCommon.sh:3508       ] [main] - Setting JF_SHARED_NODE_IP to 10.129.35.59
2024-11-13T15:43:14.071Z [shell] �[38;5;69m[INFO ]�[0m [] [installerCommon.sh:3508       ] [main] - Setting JF_SHARED_NODE_NAME to artifactory-0
2024-11-13T15:43:14.380Z [shell] �[38;5;69m[INFO ]�[0m [] [systemYamlHelper.sh:621       ] [main] - Resolved .access.extraJavaOpts (__sensitive_key_hidden___) from /opt/jfrog/artifactory/var/etc/system.yaml
2024-11-13T15:43:14.484Z [shell] �[38;5;69m[INFO ]�[0m [] [installerCommon.sh:2837       ] [main] - Removed duplicate java argument -XX:MaxRAMPercentage=25
chmod: changing permissions of '/opt/jfrog/artifactory/app/access/tomcat/webapps/': Operation not permitted
chmod: changing permissions of '/opt/jfrog/artifactory/app/access/tomcat/conf/': Operation not permitted
chmod: changing permissions of '/opt/jfrog/artifactory/app/access/tomcat/webapps/': Operation not permitted
chmod: changing permissions of '/opt/jfrog/artifactory/app/access/tomcat/conf/': Operation not permitted
chmod: changing permissions of '/opt/jfrog/artifactory/app/access/tomcat/webapps/': Operation not permitted
chmod: changing permissions of '/opt/jfrog/artifactory/app/access/tomcat/conf/': Operation not permitted
2024-11-13T15:43:15.191Z [shell] �[38;5;69m[INFO ]�[0m [] [nativeCommon.sh:66            ] [main] - Saving /opt/jfrog/artifactory/app/access/tomcat/conf/server.xml as /opt/jfrog/artifactory/app/access/tomcat/conf/server.xml.orig
2024-11-13T15:43:15.286Z [shell] �[38;5;69m[INFO ]�[0m [] [nativeCommon.sh:70            ] [main] - Using Tomcat template to generate : /opt/jfrog/artifactory/app/access/tomcat/conf/server.xml
2024-11-13T15:43:15.580Z [shell] �[38;5;69m[INFO ]�[0m [] [systemYamlHelper.sh:981       ] [main] - Resolved ${access.http.port||8040} to default value : 8040
2024-11-13T15:43:15.788Z [shell] �[38;5;69m[INFO ]�[0m [] [systemYamlHelper.sh:621       ] [main] - Resolved .access.tomcat.connector.sendReasonPhrase (false) from /opt/jfrog/artifactory/var/etc/system.yaml
2024-11-13T15:43:15.974Z [shell] �[38;5;69m[INFO ]�[0m [] [systemYamlHelper.sh:981       ] [main] - Resolved ${access.tomcat.connector.sendReasonPhrase||false} to default value : false
2024-11-13T15:43:16.285Z [shell] �[38;5;69m[INFO ]�[0m [] [systemYamlHelper.sh:621       ] [main] - Resolved .access.tomcat.connector.maxThreads (50) from /opt/jfrog/artifactory/var/etc/system.yaml
2024-11-13T15:43:16.380Z [shell] �[38;5;69m[INFO ]�[0m [] [systemYamlHelper.sh:981       ] [main] - Resolved ${access.tomcat.connector.maxThreads||50} to default value : 50
2024-11-13T15:43:16.588Z [shell] �[38;5;69m[INFO ]�[0m [] [systemYamlHelper.sh:621       ] [main] - Resolved .access.tomcat.connector.extraConfig (acceptCount="100") from /opt/jfrog/artifactory/var/etc/system.yaml
2024-11-13T15:43:16.892Z [shell] �[38;5;69m[INFO ]�[0m [] [systemYamlHelper.sh:621       ] [main] - Resolved JF_PRODUCT_HOME (/opt/jfrog/artifactory) from environment variable
2024-11-13T15:43:17.278Z [shell] �[38;5;69m[INFO ]�[0m [] [systemYamlHelper.sh:981       ] [main] - Resolved ${access.tomcat.workDir||/opt/jfrog/artifactory/var/work/access/tomcat} to default value : /opt/jfrog/artifactory/var/work/access/tomcat
chmod: changing permissions of '/opt/jfrog/artifactory/app/access/tomcat/webapps/': Operation not permitted
chmod: changing permissions of '/opt/jfrog/artifactory/app/access/tomcat/conf/': Operation not permitted

========================
JF Environment variables
========================

JF_ACCESS_PID                       : /opt/jfrog/artifactory/app/run/access.pid
JF_ARTIFACTORY_USER                 : artifactory
JF_SHARED_RESTRICTEDMODE_ENABLED    : true
JF_SHARED_NODE_ID                   : artifactory-0
JF_SHARED_NODE_IP                   : 10.129.35.59
JF_ACCESS_EXTRAJAVAOPTS             : ******
-XX:MaxRAMPercentage                : 70
JF_PRODUCT_DATA_INTERNAL            : /var/opt/jfrog/artifactory
JF_SYSTEM_YAML                      : /opt/jfrog/artifactory/var/etc/system.yaml
JF_PRODUCT_HOME                     : /opt/jfrog/artifactory
JF_SHARED_DATABASE_PASSWORD         : ******
JF_SHARED_NODE_NAME                 : artifactory-0
2024-11-13T15:43:18.486Z [shell] �[38;5;69m[INFO ]�[0m [] [installerCommon.sh:1292       ] [main] - Redirection is set to false. Skipping catalina log redirection
[0.001s][warning][stringdedup] String Deduplication disabled: not supported by selected GC
2024-11-13T15:43:20.973L �[35m[tomct]�[0m [WARNING] [                ] [org.apache.tomcat.util.digester.Digester] [org.apache.tomcat.util.digester.SetPropertiesRule begin] - Match [Server/Service/Connector] failed to set property [sendReasonPhrase] to [false] 
2024-11-13T15:43:23.276L �[35m[tomct]�[0m [INFO ] [                ] [org.apache.coyote.http11.Http11NioProtocol] [org.apache.coyote.AbstractProtocol init] - Initializing ProtocolHandler ["http-nio-127.0.0.1-8040"] 
2024-11-13T15:43:23.572L �[35m[tomct]�[0m [INFO ] [                ] [org.apache.catalina.core.StandardService] [org.apache.catalina.core.StandardService startInternal] - Starting service [Catalina] 
2024-11-13T15:43:23.573L �[35m[tomct]�[0m [INFO ] [                ] [org.apache.catalina.core.StandardEngine] [org.apache.catalina.core.StandardEngine startInternal] - Starting Servlet engine: [Apache Tomcat/10.1.28] 
2024-11-13T15:43:23.673L �[35m[tomct]�[0m [INFO ] [                ] [org.apache.catalina.startup.HostConfig] [org.apache.catalina.startup.HostConfig deployDescriptor] - Deploying deployment descriptor [/opt/jfrog/artifactory/app/access/tomcat/conf/Catalina/localhost/access.xml] 
2024-11-13T15:43:23.772L �[35m[tomct]�[0m [WARNING] [                ] [org.apache.catalina.startup.HostConfig] [org.apache.catalina.startup.HostConfig deployDescriptor] - The path attribute with value [/access] in deployment descriptor [/opt/jfrog/artifactory/app/access/tomcat/conf/Catalina/localhost/access.xml] has been ignored 
2024-11-13T15:43:50.076Z �[1;33m[jfac ]�[0;39m �[34m[INFO ]�[0;39m [6f0fd7bd62261071] [licationContextInitializer:166] [main                ] - Access (jfac) service initialization started. Version: 7.128.4 Revision: 82804900 PID: 2476 Home: /opt/jfrog/artifactory FIPS Mode: none
2024-11-13T15:43:51.078Z �[1;33m[jfac ]�[0;39m �[34m[INFO ]�[0;39m [6f0fd7bd62261071] [o.j.a.AccessApplication:50    ] [main                ] - Starting AccessApplication v7.128.4 using Java 17.0.12 with PID 2476 (/opt/jfrog/artifactory/app/access/tomcat/webapps/access/WEB-INF/lib/access-application-7.128.4.jar started by 1001160000 in /opt/jfrog/artifactory)
2024-11-13T15:43:51.170Z �[1;33m[jfac ]�[0;39m �[34m[INFO ]�[0;39m [6f0fd7bd62261071] [o.j.a.AccessApplication:660   ] [main                ] - The following 1 profile is active: "production"
2024-11-13T15:44:58.875Z �[1;33m[jfac ]�[0;39m �[34m[INFO ]�[0;39m [6f0fd7bd62261071] [alConfigurationServiceBase:151] [main                ] - Current configurations are the same as the new configurations, no need for an update. No action was taken.
2024-11-13T15:45:09.274Z �[1;33m[jfac ]�[0;39m �[34m[INFO ]�[0;39m [6f0fd7bd62261071] [.s.s.s.ServiceConfigFactory:47] [main                ] - Initializing task scheduler with 9 threads
2024-11-13T15:45:09.871Z �[1;33m[jfac ]�[0;39m �[34m[INFO ]�[0;39m [6f0fd7bd62261071] [j.a.s.s.t.TokenServiceImpl:236] [main                ] - Scheduling task for revoking expired tokens using cron expression: 37 10 0/1 * * ?

Terminating Access
2024-11-13T15:45:27.076Z [shell] �[38;5;69m[INFO ]�[0m [] [systemYamlHelper.sh:621       ] [main] - Resolved .access.tomcat.connector.maxThreads (50) from /opt/jfrog/artifactory/var/etc/system.yaml
2024-11-13T15:45:27.873Z [shell] �[38;5;69m[INFO ]�[0m [] [systemYamlHelper.sh:621       ] [main] - Resolved .access.tomcat.connector.extraConfig (acceptCount="100") from /opt/jfrog/artifactory/var/etc/system.yaml
2024-11-13T15:45:29.177Z [shell] �[38;5;69m[INFO ]�[0m [] [systemYamlHelper.sh:621       ] [main] - Resolved .shared.extraJavaOpts (__sensitive_key_hidden___) from /opt/jfrog/artifactory/var/etc/system.yaml
2024-11-13T15:45:29.772Z [shell] �[38;5;69m[INFO ]�[0m [] [systemYamlHelper.sh:621       ] [main] - Resolved .shared.extraJavaOpts (__sensitive_key_hidden___) from /opt/jfrog/artifactory/var/etc/system.yaml
2024-11-13T15:45:30.873Z [shell] �[38;5;69m[INFO ]�[0m [] [systemYamlHelper.sh:621       ] [main] - Resolved .shared.database.type (postgresql) from /opt/jfrog/artifactory/var/etc/system.yaml
2024-11-13T15:45:32.077Z �[1;33m[jfac ]�[0;39m �[34m[INFO ]�[0;39m [6f0fd7bd62261071] [b.AccessServerBootstrapImpl:54] [main                ] - [ACCESS BOOTSTRAP] Starting JFrog Access bootstrap...
2024-11-13T15:45:32.469Z [shell] �[38;5;69m[INFO ]�[0m [] [systemYamlHelper.sh:621       ] [main] - Resolved .shared.database.url (__sensitive_key_hidden___) from /opt/jfrog/artifactory/var/etc/system.yaml
2024-11-13T15:45:33.473Z [shell] �[38;5;69m[INFO ]�[0m [] [systemYamlHelper.sh:621       ] [main] - Resolved JF_SHARED_DATABASE_PASSWORD (__sensitive_key_hidden___) from environment variable
2024-11-13T15:45:34.270Z [shell] �[38;5;69m[INFO ]�[0m [] [systemYamlHelper.sh:621       ] [main] - Resolved .access.database.maxOpenConnections (80) from /opt/jfrog/artifactory/var/etc/system.yaml
2024-11-13T15:45:34.478Z �[1;33m[jfac ]�[0;39m �[34m[INFO ]�[0;39m [6f0fd7bd62261071] [b.AccessServerBootstrapImpl:70] [main                ] - [ACCESS BOOTSTRAP] JFrog Access bootstrap finished.
2024-11-13T15:45:34.573Z �[1;33m[jfac ]�[0;39m �[34m[INFO ]�[0;39m [6f0fd7bd62261071] [.s.j.JfConnectConfiguration:42] [main                ] - JFCON entitlements are disabled. jfconnect.enabled and jflink.enabled are false or undefined
2024-11-13T15:45:36.470Z [shell] �[38;5;69m[INFO ]�[0m [] [installerCommon.sh:1292       ] [main] - Redirection is set to false. Skipping catalina log redirection
Using the default catalina management port (8016) to test shutdown
/usr/bin/netstat
Access Tomcat already stopped

@RobinDuhan
Copy link

RobinDuhan commented Nov 14, 2024

The PVC is mounted with Read/write.

This is only for artifactory/var directories, not the app ones. Can you make sure that there's no SecurityContextConstraints that could pose a problem?

The system.yaml validation error can be ignored.

@jkdev2
Copy link
Author

jkdev2 commented Nov 14, 2024

We have the following SCC constraints. As far as I see there is no real blocker with read-only settings

allowHostDirVolumePlugin: false
allowHostIPC: false
allowHostNetwork: false
allowHostPID: false
allowHostPorts: false
allowPrivilegeEscalation: false
allowPrivilegedContainer: false
allowedCapabilities:
- NET_BIND_SERVICE
apiVersion: security.openshift.io/v1
defaultAddCapabilities: null
fsGroup:
  type: MustRunAs
groups: []
kind: SecurityContextConstraints
metadata:
  annotations:
    include.release.openshift.io/ibm-cloud-managed: "true"
    include.release.openshift.io/self-managed-high-availability: "true"
    include.release.openshift.io/single-node-developer: "true"
    kubernetes.io/description: restricted-v2 denies access to all host features and
      requires pods to be run with a UID, and SELinux context that are allocated to
      the namespace. This is the most restrictive SCC and it is used by default for
      authenticated users. On top of the legacy 'restricted' SCC, it also requires
      to drop ALL capabilities and does not allow privilege escalation binaries. It
      will also default the seccomp profile to runtime/default if unset, otherwise
      this seccomp profile is required.
  creationTimestamp: "2023-07-28T14:20:08Z"
  generation: 2
  name: restricted-v2
  ownerReferences:
  - apiVersion: config.openshift.io/v1
    controller: true
    kind: ClusterVersion
    name: version
    uid: 74602fc4-2da8-4ef1-a19f-30b58f5ec1fa
  resourceVersion: "548966761"
  uid: 2a375ca0-455c-4a51-93e4-99abe2bc0006
priority: null
readOnlyRootFilesystem: false
requiredDropCapabilities:
- ALL
runAsUser:
  type: MustRunAsRange
seLinuxContext:
  type: MustRunAs
seccompProfiles:
- runtime/default
supplementalGroups:
  type: RunAsAny
users: []
volumes:
- configMap
- csi
- downwardAPI
- emptyDir
- ephemeral
- persistentVolumeClaim
- projected
- secret

@eselvam
Copy link

eselvam commented Dec 6, 2024

for me it is permission denied error in the nginx and could not create service home mkdir permission denied in artifactory-0 container.

we enabled anyuid and disabled pod and container context as false as per install document. Still same issue.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants