-1

Not sure where to post this?!?!?!

When using Jeremy Longs dependency-check the following error occurred today and stalled our development/CICID (jenkins slave within OTC):

$ dependency-check.sh -l depcheck.log -s ref-jpers-service/ ... java.io.IOException: Finally failed connecting to Central search. Giving up after 7 tries. ..... DEBUG - Searching Central url https://search.maven.org/solrsearch/select?q=1:09f917203ec273fb5e6a8a49b8bec8d6f72ddf21&wt=xml DEBUG - Could not connect to Central search (tries left: 6): Could not connect to MavenCentral (504): Gateway Time-out -...

Analyzing the request as found in the debug log shows a Gateway response 502 or 504 after the TLS handshake.

Its working rarely, but mostly we get response codes 502, or 504 even 400

This is from our cluster in the OTC via aa.bb.cc.dd
But I saw this also from the DTAG network via xx.yy.zz.aa

The similar curl requests showed a message: Connection state changed (MAX_CONCURRENT_STREAMS == 128)!) So I am suspecting a DOS filter on the loadbalancer of search.maven.org???

I have the following questions: • In the DOS case could you please share the rules for the DOS filter so we can behave better - wait long enough etc. • Is there any other way to resolve this kind of issue?

U.V.
  • 99
  • 3
  • I don't really know what you're asking from ServerFault. For maven support see https://central.sonatype.org/pages/support/ and https://status.maven.org/ reports several issues for Jan 12th but nothing today. – diya Jan 13 '23 at 12:02

2 Answers2

0

Firstly, I suggest don't mention any ip which is related to any workspace.

5XX is server side error which means you need to check if server is healthy or not if you are not owning server contact owners. I can see similar issue in below link.

https://github.com/jeremylong/DependencyCheck/issues/5291

Hope it will give you pointer to move forward.

asktyagi
  • 2,860
  • 2
  • 8
  • 25
0

the solution was actually an issue of the search.maven.org server. It seems to be ok now.

What made it difficult is that the localnexus configuration of dependency-check seems to be not working with a Nexus3 Pro server. changes in the Rest API and lack of debug info (request details) on the dependency-checker side.

So the lesson learned is..... have an off switch for any external system in your CI/CD setup which can break your builds..... External means here that you cannot call the Ops to tell you whats going on. Public Free servers are a particularly bad example because it seems almost impossible to reach anyone in charge ;)

U.V.
  • 99
  • 3