Cloning LFS content from a mirror farm with more than one node fails

このページの内容

お困りですか?

アトラシアン コミュニティをご利用ください。

コミュニティに質問

If you have only one mirror farm node or one mirror node, there is no issue and the repo is cloned successfully with the LFS files. However, once you deploy additional mirror nodes, you might encounter an issue with cloning LFS content from the mirror farm:

An "Authentication required: Authorization error" error is returned.
Error downloading object: Cute-Animals-that-Are-Not-Pets-812x464.jpg (8033694): Smudge error: Error downloading Cute-Animals-that-Are-Not-Pets-812x464.jpg (8033694255cebd1948f815f199d0091d2ea9804c6db9eea8f9043a2d037fb52e): Authentication required: Authorization error: https://bbmirrorfarm2:8443/rest/git-lfs/storage/BITBUCKETDC2/DC4LFS/dc-lfs-repo1/8033694255cebd1948f815f199d0091d2ea9804c6db9eea8f9043a2d037fb52e
Check that you have proper access to the repository



The following message is logged in $BB_HOME/log/atlassian-bitbucket.log:

2020-09-10 00:09:18,327 WARN  [http-nio-7990-exec-6] *1UUSRYCx9x1195x0 10.255.0.1,10.255.2.3 "POST /scm/bitbucketdc2/dc4lfs/dc-lfs-repo1.git/info/lfs/objects/batch HTTP/1.1" c.a.j.i.s.DefaultAuthenticationResultHandler Signature mismatch during JWT authentication, issuer: com.atlassian.bitbucket.server.bitbucket-git-lfs
com.atlassian.jwt.exception.JwtSignatureMismatchException: eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIxIiwicmVwbyI6MTIsImlzcyI6ImNvbS5hdGxhc3NpYW4uYml0YnVja2V0LnNlcnZlci5iaXRidWNrZXQtZ2l0LWxmcyIsImNvbnRleHQiOnsidXNlciI6eyJoaWdoZXN0UGVybWlzc2lvbiI6IlNZU19BRE1JTiIsImRpc3BsYXlOYW1lIjoiQWRtaW4iLCJzbHVnIjoiYWRtaW4iLCJ1c2VyS2V5IjoiMSIsInVzZXJuYW1lIjoiYWRtaW4ifX0sImV4cCI6MTU5OTY5Njg1OCwiaWF0IjoxNTk5Njk2NTU4fQ.b2hGyy1RF1tee3X5zXdwelQfqHlXlyR18pCXsAhBvlE
	at com.atlassian.jwt.core.reader.NimbusJwtReader.verify(NimbusJwtReader.java:164)
	at com.atlassian.jwt.core.reader.NimbusJwtReader.read(NimbusJwtReader.java:74)
	at com.atlassian.jwt.core.reader.NimbusJwtReader.readAndVerify(NimbusJwtReader.java:57)
	at com.atlassian.jwt.internal.DefaultJwtService.verifyJwt(DefaultJwtService.java:49)
	at com.atlassian.jwt.internal.sal.JwtAuthenticatorImpl.verifyJwt(JwtAuthenticatorImpl.java:62)
	at com.atlassian.jwt.core.http.auth.AbstractJwtAuthenticator.verifyJwt(AbstractJwtAuthenticator.java:118)
	at com.atlassian.jwt.core.http.auth.AbstractJwtAuthenticator.authenticate(AbstractJwtAuthenticator.java:71)
	at com.atlassian.jwt.internal.sal.JwtAuthenticatorImpl.authenticate(JwtAuthenticatorImpl.java:30)
	at com.atlassian.jwt.internal.servlet.JwtAuthFilter.mayProceed(JwtAuthFilter.java:79)
	at com.atlassian.jwt.internal.servlet.JwtAuthFilter.doFilter(JwtAuthFilter.java:35)
	at com.atlassian.stash.internal.spring.lifecycle.LifecycleJohnsonServletFilterModuleContainerFilter.doFilter(LifecycleJohnsonServletFilterModuleContainerFilter.java:42)
	at com.atlassian.stash.internal.web.auth.BeforeLoginPluginAuthenticationFilter.doBeforeBeforeLoginFilters(BeforeLoginPluginAuthenticationFilter.java:90)
	at com.atlassian.stash.internal.web.auth.BeforeLoginPluginAuthenticationFilter.doFilter(BeforeLoginPluginAuthenticationFilter.java:73)
	at com.atlassian.stash.internal.request.DefaultRequestManager.doAsRequest(DefaultRequestManager.java:87)
	at com.atlassian.stash.internal.hazelcast.ConfigurableWebFilter.doFilter(ConfigurableWebFilter.java:38)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
	at java.lang.Thread.run(Unknown Source)
	... 68 frames trimmed

Workaround 1:

Upgrade your Bitbucket to at least:

  • Bitbucket 6.10.7

  • Bitbucket 7.3.2

Workaround 2:

The issue happens due to the way LFS authentication is being handled between the mirror farm nodes. If for some reason you can not upgrade your instance, the only option left is removing additional mirror farm nodes leaving only one.

Please be advised you may still use multiple mirrors, just not as a mirror farm.

最終更新日 2021 年 1 月 7 日

この内容はお役に立ちましたか?

はい
いいえ
この記事についてのフィードバックを送信する
Powered by Confluence and Scroll Viewport.