Details
-
Bug
-
Resolution: Fixed
-
High
-
6.10.1, 6.10.3, 7.3.1
-
None
-
1
-
Severity 2 - Major
-
5
-
Description
Issue Summary
Cloning LFS repos from a mirror farm with more than one node fails.
If the mirror farm only has one node, there is no issue and the repo is cloned successfully with the LFS files.
Steps to Reproduce
- Set up a mirror farm with at least 2 nodes
- Set up repo with LFS
- Add the project containing the repo to the list of mirrored projects
- Clone the LFS repo from the mirror farm
Expected Results
LFS repo is cloned successfully.
Actual Results
Cloning the repo fails.
An "Authentication required: Authorization error" is returned.
e.g.
Error downloading object: Cute-Animals-that-Are-Not-Pets-812x464.jpg (8033694): Smudge error: Error downloading Cute-Animals-that-Are-Not-Pets-812x464.jpg (8033694255cebd1948f815f199d0091d2ea9804c6db9eea8f9043a2d037fb52e): Authentication required: Authorization error: https://bbmirrorfarm2:8443/rest/git-lfs/storage/BITBUCKETDC2/DC4LFS/dc-lfs-repo1/8033694255cebd1948f815f199d0091d2ea9804c6db9eea8f9043a2d037fb52e
Check that you have proper access to the repository
The following message is logged in atlassian-bitbucket.log:
2020-09-10 00:09:18,327 WARN [http-nio-7990-exec-6] *1UUSRYCx9x1195x0 10.255.0.1,10.255.2.3 "POST /scm/bitbucketdc2/dc4lfs/dc-lfs-repo1.git/info/lfs/objects/batch HTTP/1.1" c.a.j.i.s.DefaultAuthenticationResultHandler Signature mismatch during JWT authentication, issuer: com.atlassian.bitbucket.server.bitbucket-git-lfs com.atlassian.jwt.exception.JwtSignatureMismatchException: eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIxIiwicmVwbyI6MTIsImlzcyI6ImNvbS5hdGxhc3NpYW4uYml0YnVja2V0LnNlcnZlci5iaXRidWNrZXQtZ2l0LWxmcyIsImNvbnRleHQiOnsidXNlciI6eyJoaWdoZXN0UGVybWlzc2lvbiI6IlNZU19BRE1JTiIsImRpc3BsYXlOYW1lIjoiQWRtaW4iLCJzbHVnIjoiYWRtaW4iLCJ1c2VyS2V5IjoiMSIsInVzZXJuYW1lIjoiYWRtaW4ifX0sImV4cCI6MTU5OTY5Njg1OCwiaWF0IjoxNTk5Njk2NTU4fQ.b2hGyy1RF1tee3X5zXdwelQfqHlXlyR18pCXsAhBvlE at com.atlassian.jwt.core.reader.NimbusJwtReader.verify(NimbusJwtReader.java:164) at com.atlassian.jwt.core.reader.NimbusJwtReader.read(NimbusJwtReader.java:74) at com.atlassian.jwt.core.reader.NimbusJwtReader.readAndVerify(NimbusJwtReader.java:57) at com.atlassian.jwt.internal.DefaultJwtService.verifyJwt(DefaultJwtService.java:49) at com.atlassian.jwt.internal.sal.JwtAuthenticatorImpl.verifyJwt(JwtAuthenticatorImpl.java:62) at com.atlassian.jwt.core.http.auth.AbstractJwtAuthenticator.verifyJwt(AbstractJwtAuthenticator.java:118) at com.atlassian.jwt.core.http.auth.AbstractJwtAuthenticator.authenticate(AbstractJwtAuthenticator.java:71) at com.atlassian.jwt.internal.sal.JwtAuthenticatorImpl.authenticate(JwtAuthenticatorImpl.java:30) at com.atlassian.jwt.internal.servlet.JwtAuthFilter.mayProceed(JwtAuthFilter.java:79) at com.atlassian.jwt.internal.servlet.JwtAuthFilter.doFilter(JwtAuthFilter.java:35) at com.atlassian.stash.internal.spring.lifecycle.LifecycleJohnsonServletFilterModuleContainerFilter.doFilter(LifecycleJohnsonServletFilterModuleContainerFilter.java:42) at com.atlassian.stash.internal.web.auth.BeforeLoginPluginAuthenticationFilter.doBeforeBeforeLoginFilters(BeforeLoginPluginAuthenticationFilter.java:90) at com.atlassian.stash.internal.web.auth.BeforeLoginPluginAuthenticationFilter.doFilter(BeforeLoginPluginAuthenticationFilter.java:73) at com.atlassian.stash.internal.request.DefaultRequestManager.doAsRequest(DefaultRequestManager.java:87) at com.atlassian.stash.internal.hazelcast.ConfigurableWebFilter.doFilter(ConfigurableWebFilter.java:38) at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source) at java.lang.Thread.run(Unknown Source) ... 68 frames trimmed
Workaround
Currently there is no known workaround for this behavior.
A workaround will be added here when available