Trying to install and configure nexusVersion=“3.32.0” on centos 9 and redhat 9. And came accross the following error:
Failed to start
java.nio.file.AccessDeniedException: /opt/sonatype/nexus/etc/ssl/keystore.jks
The same installation works fine on centos 7.9.
Noticed that openssl versions are different:
OpenSSL 1.0.2k-fips for centos 7.9
and OpenSSL 3.0.7 for Centos 9.
Also used the certs and keystore, created on 7.9, on centos 9 (used the same host name for both servers) and nexus WORKED.
So is there anything I need to do for it to work on centos 9 and redhat9?
Thank you. Any advice would be highly appreciated.
Matthew,
Is there anything else that you can advise to check or I need to do in order to install it on RedHat and higher versions of Centos? Because the scripts that we use for centos 7.9 and centos 9 are the same, yet the issue exists. Something definitely is not the same.
Unfortunately I don’t really have other thoughts with what you’ve posted.
If there is a stacktrace you could see if there is a cause for the exception that may have more information about why an AccessDeniedException occurred.
2023-06-05 14:36:49,857+0000 ERROR [jetty-main-1] *SYSTEM org.sonatype.nexus.bootstrap.jetty.JettyServer - Failed to start
java.nio.file.AccessDeniedException: /opt/sonatype/nexus/etc/ssl/keystore.jks
at sun.nio.fs.UnixException.translateToIOException(UnixException.java:84)
at sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:102)
at sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:107)
at sun.nio.fs.UnixFileSystemProvider.newByteChannel(UnixFileSystemProvider.java:214)
at java.nio.file.Files.newByteChannel(Files.java:361)
at java.nio.file.Files.newByteChannel(Files.java:407)
at java.nio.file.spi.FileSystemProvider.newInputStream(FileSystemProvider.java:384)
at java.nio.file.Files.newInputStream(Files.java:152)
at org.eclipse.jetty.util.resource.PathResource.getInputStream(PathResource.java:462)
at org.eclipse.jetty.util.security.CertificateUtils.getKeyStore(CertificateUtils.java:52)
at org.eclipse.jetty.util.ssl.SslContextFactory.loadKeyStore(SslContextFactory.java:1203)
at org.eclipse.jetty.util.ssl.SslContextFactory.load(SslContextFactory.java:322)
at org.eclipse.jetty.util.ssl.SslContextFactory.doStart(SslContextFactory.java:244)
at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:73)
at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169)
at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:117)
at org.eclipse.jetty.server.SslConnectionFactory.doStart(SslConnectionFactory.java:97)
at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:73)
at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169)
at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:117)
at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:73)
at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169)
at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:117)
at org.eclipse.jetty.server.AbstractConnector.doStart(AbstractConnector.java:321)
at org.eclipse.jetty.server.AbstractNetworkConnector.doStart(AbstractNetworkConnector.java:81)
at org.eclipse.jetty.server.ServerConnector.doStart(ServerConnector.java:234)
at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:73)
at org.eclipse.jetty.server.Server.doStart(Server.java:401)
at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:73)
at org.sonatype.nexus.bootstrap.jetty.JettyServer$JettyMainThread.run(JettyServer.java:274)
Solved the issue by changing ownership to the nexus directory to nexus user: chown -R 200:200 $nexusDirectory.
Works without it in earlier versions (3.22) on centos 7.9