Hello Sonatype Community,
We resolved our “LOADING UI / Cannot connect to Nexus” problems.
Thanks again for everyone’s help & comments.
In short: the LDAP Realm position order in NEXUS SERVER configuration was the problem.
The fix: we put LDAP below the XML realms (as mentioned in NEXUS documentation).
Summary below – Maybe the below explanation can help other people…
The problem manifested itself in a really odd way.
Regards,
~ John Dove
################################################
####### THE PROBLEM
################################################
1
Web Browsers (Firefox / Chrome / Edge) all suffered random, but frequent,
“LOADING UI… / Cannot connect to Nexus” errors. After a period of time (2-3 minutes)
Nexus behavior returned to normal. Very mysterious…
2
In a different machine architecture of build machines, our Jenkins SLAVE machines’ MAVEN java processes suffered severe (2-3 minute) lags during artifact downloads. Jenkins was so robust however, that Jenkins kept trying artifact downloads again and again, and eventually succeeded in the builds. But the Nexus lag problem was still there the whole time.
3
Importantly, when either of the above behaviors occurred (in Browser or Maven process)
then the other suffered as well. Meaning, either type of mechanism could perform the instigating requests. The fact Maven builds could trigger the NEXUS lag was a key-indicator that the problem was NOT browser-caused. That lead us to look at Nexus…
################################################
####### RESEARCH
################################################
We set the NEXUS server ROOT logger to DEBUG level.
Watched the NEXUS’ WRAPPER.LOG file.
Saw LDAP errors were getting spammed whenever Nexus was contacted.
################################################
####### THE CAUSE
################################################
The NEXUS “anonymous” user was used for all artifact download requests & browser access.
NEXUS “anonymous” user was NOT in our LDAP realm
NEXUS “anonymous” user was only inside the NEXUS’ proprietary XML realm.
LDAP was listed FIRST (at top).
LDAP failed to find “anonymous” user, and thus spammed exceptions into WRAPPER.LOG.
Randomly NEXUS would “choke” on this (for lack of better term) and performance degradation occurred horribly, which caused lag to browsers & maven builds. The browsers crashed. Maven builds waiting, retried, and succeeded.
################################################
####### THE FIX
################################################
One change. One field.
Inside NEXUS we moved the LDAP realm to the BOTTOM of the list.
XML first.
Then LDAP second.
Problem gone.
################################################
####### INTERESTING NOTE
################################################
Nexus + Jenkins performance testing did NOT reveal the above problem.
Only the browser symptoms made me aware of this dilemma.
Why?
As it turns out, Jenkins Maven build processes are extremely robust; the Maven builds worked after waiting 2 or 3 minutes and trying again. So Jenkins never made it clear there was a problem. Only the browser LOADING UI… screen made it apparent.
THANKS AGAIN FOR THE HELP IN SUGGESTIONS FROM THE FORUM
VERY MUCH APPRECIATED.
IF/WHEN INTERESTING PROBLEMS / SOLUTIONS ARISE, I WILL KEEP THIS FORUM UPDATED.
John Dove