Fix: sonatype/nexus-blobstore-s3 plugin

1. WHAT HAPPENED?

I accidentally deleted the S3 Bucket and Access Keys which were used by the nexus-blobstore-s3 plugin and then Nexus OSS 3.14.0 server could not start anymore.

2. ERROR

2018-10-17 15:05:56,530+0530 ERROR [FelixStartLevel] *SYSTEM org.sonatype.nexus.repository.internal.blobstore.BlobStoreManagerImpl - Failed transition: NEW -> STARTED org.sonatype.nexus.blobstore.api.BlobStoreException: Unable to initialize blob store bucket: zone-nexus-s3, Cause: The AWS Access Key Id you provided does not exist in our records. (Service: Amazon S3; Status Code: 403; Error Code: InvalidAccessKeyId; Request ID: 602E25272A7277D3; S3 Extended Request ID: 0KoHw+4u6aJqwdl+zhsph3yR+UQJ6IG1iXqpHIkKZD/K7rCMlhp+CI9Yx/AtS5QpFkGJ86cBEXk=)

3. FIX

3.1. Launch the OrientDB console using the same version of Java executable that Nexus is using.

java -jar /opt/nexus/lib/support/nexus-orient-console.jar

You should be presented with a command-line interface such as this, ready to accept your commands.

OrientDB console v.2.2.16 www.orientdb.com
Type 'help' to display all the supported commands.
orientdb>

3.2. Connect to the Nexus OrientDB database.

connect plocal:/zone/nexus-data/nexus3/db/config admin admin

3.3. Export the database as a JSON file.

export database /opt/nexus_database.json

Read the exported database using a text editor, and you will find a JSON data set as follows. The complete nexus_database.json can be found here.

{
"@type":"d",
"@rid":"#18:6",
"@version":1,
"@class":"repository_blobstore",
"name":"ZONE-NEXUS-S3",
"type":"S3",
"attributes":{
"s3":{
"bucket":"zone-nexus-s3",
"accessKeyId":"AKIAIG72PIANEZGF5QGQ",
"secretAccessKey":"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",
"sessionToken":"",
"assumeRole":"",
"region":"ap-south-1",
"endpoint":"",
"expiration":"3",
"signertype":""
}
}
},

Updated AWS S3 Configurations

PROPERTY

VALUE

BUCKET_NAME

zone-nexus-s3

AWS_ACCESS_KEY_ID

ACFRTYSDVS2R3O8EWRA

AWS_SECRET_ACCESS_KEY

H4nWq6Nbm9439hF12rEzadsVo/2RqwQH3LPmbvT

REGION

us-east-1

3.4. Update the necessary nexus properties. I'm updating bucket, accessKeyId, secretAccessKey and region properties which need to modify according to the updated nexus configurations.

# Update S3 Bucket
update repository_blobstore set attributes.s3.bucket='zone-nexus-s3' where name='ZONE-NEXUS-S3'
# Update S3 Access Key ID
update repository_blobstore set attributes.s3.accessKeyId='ACFRTYSDVS2R3O8EWRA' where name='ZONE-NEXUS-S3'
# Update S3 Secret Access Key
update repository_blobstore set attributes.s3.secretAccessKey='H4nWq6Nbm9439hF12rEzadsVo/2RqwQH3LPmbvT' where name='ZONE-NEXUS-S3'
# Update S3 Bucket Region
update repository_blobstore set attributes.s3.region='us-east-1' where name='ZONE-NEXUS-S3'

3.5. Disconnect and exit from the Nexus OrientDB database.

disconnect
exit

3.6. Provide necessary permissions to the Nexus OrientDB database.

chown -R nexus:nexus /zone/nexus-data/nexus3/db

3.7. Restart Nexus server.

sudo systemctl restart nexus.service

3.8. Monitor Nexus service logs.

tail -f /zone24x7/nexus-data/nexus3/log/nexus.log

References