Authentication required on Maven during deploy a JBoss EAP Source-to-Image (S2I) Application to OpenShift environment

Solution Verified - Updated

Environment

  • Red Hat JBoss Enterprise Application Platform (EAP)
    • 7.x
  • Red hat OpenShift Container Platform (OCP)
    • 4.x

Issue

During deploy of application using jboss EAP S2I an unauthenticated issue happens:
oc new-app eap73-basic-s2i MAVEN_MIRROR_URL Not authorized , ReasonPhrase:Unauthorized
When the S2I builder settings.xml XML has a section like below:

  <servers>
    <server>
        <id>releases-repository</id>
        <username>${nexus.username}</username>
        <password>${nexus.password}</password>
    </server>
    <server>
        <id>snapshots-repository</id>
        <username>${nexus.username}</username>
        <password>${nexus.password}</password>
    </server>
    <server>
        <id>mirror.default</id>
        <username>${mirror.username}</username>
        <password>${mirror.password}</password>
    </server>
</servers>

Resolution

To add authentication details, one can add expressions to the settings.xml seems narrow and forces anybody to pass them to the build image.
For instance adding a profile with ${nexus.username} details instead of adding to all of the profiles.

Full example below:

$ cat settings.xml
<?xml version="1.0" encoding="UTF-8"?>
<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0"
          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
          xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0 http://maven.apache.org/xsd/settings-1.0.0.xsd">
    <!-- ### configured local repository ### -->
  <servers>
    <!-- ### configured servers ### -->
    <server>
      <id>Artifactory-EXAMPLE</id>
      <username>user@EXAMPLE.com</username>
      <password>mypassword</password>
    </server>
  </servers>
  <mirrors>
    <!-- ### configured mirrors ### -->
    <mirror>
      <id>Artifactory-EXAMPLE</id>
      <mirrorOf>*</mirrorOf>
      <name>Miror of the Maven ga repository provided by Red Hat</name>
      <url>https://artifactory.example.com/artifactory/api/remote-redhat-maven-public/</url>
    </mirror>
  </mirrors>

  <proxies>
    <!-- ### configured http proxy ### -->
  </proxies>

  <profiles>
  
    <profile>
      <id>EXAMPLE-profile</id>
      <repositories>
        <repository>
          <id>Artifactory-EXAMPLE</id>
          <url>https://artifactory.example.com/artifactory/remote-redhat-maven-public</url>
          <releases>
            <enabled>true</enabled>
          </releases>
        </repository>
      </repositories>
      <pluginRepositories>
        <pluginRepository>
          <id>Artifactory-EXAMPLE</id>
          <url>https://artifactory.example.com/artifactory/remote-redhat-maven-public</url>
          <releases>
            <enabled>true</enabled>
          </releases>
        </pluginRepository>
      </pluginRepositories>
    </profile>

For more information, see JBoss EAP 7 Guide - Chapter 2. Build and Run a Java Application on the JBoss EAP for OpenShift Image

Root Cause

Customization of settings.xml in Galleon build is extensively discussed in EAP 7/8 Galleon settings xml in the building process:

For advance settings, let's say PROXY settings the user can set:

  • a custom settings.xml - see above
  • via MAVEN environment variables, e.g. MAVEN_MIRROR_URL, MAVEN_MIRROR_URL, MAVEN_MIRRORS.

In other words, for advanced manipulation (mirroring and proxy settings) it is much easier to either use the provided environment variables or use a full custom settings.xml, which is set via GALLEON_MAVEN_ARGS= -gs ../global-setting.xml <--- example.

To provide a custom settings.xml when provisioning the server using Galleon, the settings passed to GALLEON_MAVEN_ARGS is not used.

Diagnostic Steps

  1. For debug logs see set ENV SCRIPT_DEBUG true as Interpreting Galleon Maven debug build logs to verify the legacy or non-legacy build is being used.
  2. Verify the flag galleon_legacy to track if legacy is being used as explained EAP 8 Galleon legacy vs non-legacy build.
  3. Note that GALLEON_PROVISION_FEATURE_PACKS can only be used when GALLEON_PROVISION_LAYERS is set

Example output:

++ MAVEN_S2I_ARTIFACT_DIRS=target
++ MAVEN_S2I_GOALS=package
++ '[' true == true ']'
++ MAVEN_CLEAR_REPO=false
++ export MAVEN_CLEAR_REPO
++ _MAVEN_S2I_SETTINGS_XML=/tmp/artifacts/configuration/settings.xml
++ _MAVEN_S2I_ARCHIVED_REPO=/tmp/artifacts/m2
++ test -r /opt/jboss/container/maven/default//scl-enable-maven
++ source /opt/jboss/container/maven/default//maven.sh
+++ source /opt/jboss/container/util/logging//logging.sh
+++++ type -t log_warning
++++ '[' -z function ']'
+++ __JBOSS_MAVEN_DEFAULT_SETTINGS_FILE=/home/jboss/.m2/settings.xml
++ source /opt/jboss/container/maven/s2i/maven-overrides
++ maven_s2i_backward_compatibility
++ export ARTIFACT_DIR=target
++ ARTIFACT_DIR=target
++ maven_s2i_source_maven_overrides
++ :
++ maven_init
++ maven_init_vars
++ maven_init_var_MAVEN_LOCAL_REPO
++ MAVEN_LOCAL_REPO=/tmp/artifacts/m2
++ maven_init_var_MAVEN_SETTINGS_XML
++ '[' -f '' ']'
++ '[' -f /tmp/src/configuration/settings.xml ']'
++ '[' -f /home/jboss/.m2/settings.xml ']'
++ MAVEN_SETTINGS_XML=/home/jboss/.m2/settings.xml
++ maven_init_var_MAVEN_OPTS
SBR
Product(s)
Components
Category
Tags

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.