Uploaded image for project: 'Bitbucket Server'
  1. Bitbucket Server
  2. BSERV-12570

Cloning LFS repos from multi-node mirror farm fails

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed (View Workflow)
    • Priority: High
    • Resolution: Fixed
    • Affects Version/s: 6.10.1, 6.10.3, 7.3.1
    • Fix Version/s: 6.10.7
    • Component/s: Git LFS
    • Labels:
      None

      Description

      Issue Summary

      Cloning LFS repos from a mirror farm with more than one node fails.

      If the mirror farm only has one node, there is no issue and the repo is cloned successfully with the LFS files.

      Steps to Reproduce

      1. Set up a mirror farm with at least 2 nodes
      2. Set up repo with LFS
      3. Add the project containing the repo to the list of mirrored projects
      4. Clone the LFS repo from the mirror farm

      Expected Results

      LFS repo is cloned successfully.

      Actual Results

      Cloning the repo fails.

      An "Authentication required: Authorization error" is returned.
      e.g.

      Error downloading object: Cute-Animals-that-Are-Not-Pets-812x464.jpg (8033694): Smudge error: Error downloading Cute-Animals-that-Are-Not-Pets-812x464.jpg (8033694255cebd1948f815f199d0091d2ea9804c6db9eea8f9043a2d037fb52e): Authentication required: Authorization error: https://bbmirrorfarm2:8443/rest/git-lfs/storage/BITBUCKETDC2/DC4LFS/dc-lfs-repo1/8033694255cebd1948f815f199d0091d2ea9804c6db9eea8f9043a2d037fb52e
      Check that you have proper access to the repository
      

      The following message is logged in atlassian-bitbucket.log:

      2020-09-10 00:09:18,327 WARN  [http-nio-7990-exec-6] *1UUSRYCx9x1195x0 10.255.0.1,10.255.2.3 "POST /scm/bitbucketdc2/dc4lfs/dc-lfs-repo1.git/info/lfs/objects/batch HTTP/1.1" c.a.j.i.s.DefaultAuthenticationResultHandler Signature mismatch during JWT authentication, issuer: com.atlassian.bitbucket.server.bitbucket-git-lfs
      com.atlassian.jwt.exception.JwtSignatureMismatchException: eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIxIiwicmVwbyI6MTIsImlzcyI6ImNvbS5hdGxhc3NpYW4uYml0YnVja2V0LnNlcnZlci5iaXRidWNrZXQtZ2l0LWxmcyIsImNvbnRleHQiOnsidXNlciI6eyJoaWdoZXN0UGVybWlzc2lvbiI6IlNZU19BRE1JTiIsImRpc3BsYXlOYW1lIjoiQWRtaW4iLCJzbHVnIjoiYWRtaW4iLCJ1c2VyS2V5IjoiMSIsInVzZXJuYW1lIjoiYWRtaW4ifX0sImV4cCI6MTU5OTY5Njg1OCwiaWF0IjoxNTk5Njk2NTU4fQ.b2hGyy1RF1tee3X5zXdwelQfqHlXlyR18pCXsAhBvlE
      	at com.atlassian.jwt.core.reader.NimbusJwtReader.verify(NimbusJwtReader.java:164)
      	at com.atlassian.jwt.core.reader.NimbusJwtReader.read(NimbusJwtReader.java:74)
      	at com.atlassian.jwt.core.reader.NimbusJwtReader.readAndVerify(NimbusJwtReader.java:57)
      	at com.atlassian.jwt.internal.DefaultJwtService.verifyJwt(DefaultJwtService.java:49)
      	at com.atlassian.jwt.internal.sal.JwtAuthenticatorImpl.verifyJwt(JwtAuthenticatorImpl.java:62)
      	at com.atlassian.jwt.core.http.auth.AbstractJwtAuthenticator.verifyJwt(AbstractJwtAuthenticator.java:118)
      	at com.atlassian.jwt.core.http.auth.AbstractJwtAuthenticator.authenticate(AbstractJwtAuthenticator.java:71)
      	at com.atlassian.jwt.internal.sal.JwtAuthenticatorImpl.authenticate(JwtAuthenticatorImpl.java:30)
      	at com.atlassian.jwt.internal.servlet.JwtAuthFilter.mayProceed(JwtAuthFilter.java:79)
      	at com.atlassian.jwt.internal.servlet.JwtAuthFilter.doFilter(JwtAuthFilter.java:35)
      	at com.atlassian.stash.internal.spring.lifecycle.LifecycleJohnsonServletFilterModuleContainerFilter.doFilter(LifecycleJohnsonServletFilterModuleContainerFilter.java:42)
      	at com.atlassian.stash.internal.web.auth.BeforeLoginPluginAuthenticationFilter.doBeforeBeforeLoginFilters(BeforeLoginPluginAuthenticationFilter.java:90)
      	at com.atlassian.stash.internal.web.auth.BeforeLoginPluginAuthenticationFilter.doFilter(BeforeLoginPluginAuthenticationFilter.java:73)
      	at com.atlassian.stash.internal.request.DefaultRequestManager.doAsRequest(DefaultRequestManager.java:87)
      	at com.atlassian.stash.internal.hazelcast.ConfigurableWebFilter.doFilter(ConfigurableWebFilter.java:38)
      	at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
      	at java.lang.Thread.run(Unknown Source)
      	... 68 frames trimmed
      

      Workaround

      Currently there is no known workaround for this behavior.
      A workaround will be added here when available

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              wkritzinger Wolfgang Kritzinger
              Reporter:
              jmariano@atlassian.com JP Mariano
              Votes:
              2 Vote for this issue
              Watchers:
              6 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:

                  Backbone Issue Sync