Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Outbound requests to clm.sonatype.com/user-telemetry #518

Open
dcortizo-nr opened this issue Nov 19, 2024 · 5 comments
Open

Outbound requests to clm.sonatype.com/user-telemetry #518

dcortizo-nr opened this issue Nov 19, 2024 · 5 comments
Assignees
Labels

Comments

@dcortizo-nr
Copy link

Hello,

I am using Nexus Repository Manager OSS 3.74.0-05 in a Docker container, from the official Docker Hub Image.

I have declined the optional in-product analytics program. I have also disabled and then deleted the Analytics and Outreach capability.

However, in the outbound-request.log I keep seeing around 80 connections per minute to https://clm.sonatype.com/user-telemetry/v1/rte/v2...

I had another installation on Nexus OSS, version 3.65 where I didn't see this behavior. Can somebody try to replicate this behavior? I have just tested again by running a docker container in the version 3.74.0-05 or 3.73 and even the Nexus instance was completely empty, I declined to opt-in the program and removed the analytics capability, all those connections appeared in the outbound-request.log.

It doesn't seem correct.

Regards

@dhtek
Copy link

dhtek commented Nov 25, 2024

I’ve tested with a clean Nexus OSS 3.74.0-05 instance and observed similar behavior. Despite declining the opt-in program and removing the analytics capability, the outbound connections still appeared in the outbound-request.log. This behavior doesn’t seem correct to me either.

@ChriFo
Copy link

ChriFo commented Nov 27, 2024

Adding nexus.analytics.enabled=false to nexus.propertties fixed it for me.

Adding nexus.analytics.enabled=false to nexus.propertties avoid the request to clm.sonatype.com but fills the nexus.log with errors:

======================
Full classname legend:
======================
LocatorWiring:         "org.eclipse.sisu.wire.LocatorWiring"
NexusBundleModule:     "org.sonatype.nexus.extender.modules.NexusBundleModule"
SpaceModule:           "org.eclipse.sisu.space.SpaceModule"
UserTelemetryResource: "com.sonatype.analytics.internal.rest.UserTelemetryResource"
UserTelemetryService:  "com.sonatype.analytics.internal.service.UserTelemetryService"
========================
End of classname legend:
========================

	at com.google.inject.internal.InternalProvisionException.toProvisionException(InternalProvisionException.java:251)
	at com.google.inject.internal.InjectorImpl$1.get(InjectorImpl.java:1151)
	at org.eclipse.sisu.inject.LazyBeanEntry.getValue(LazyBeanEntry.java:81)
	at org.sonatype.nexus.siesta.internal.resteasy.SisuResourceFactory.createResource(SisuResourceFactory.java:56)
	at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:337)
	at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:440)
	at org.jboss.resteasy.core.SynchronousDispatcher.lambda$invoke$4(SynchronousDispatcher.java:229)
	at org.jboss.resteasy.core.SynchronousDispatcher.lambda$preprocess$0(SynchronousDispatcher.java:135)
	at org.jboss.resteasy.core.interception.PreMatchContainerRequestContext.filter(PreMatchContainerRequestContext.java:358)
	at org.jboss.resteasy.core.SynchronousDispatcher.preprocess(SynchronousDispatcher.java:138)
	at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:215)
	at org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:245)
	at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:61)
	at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)
	at org.sonatype.nexus.siesta.internal.resteasy.ComponentContainerImpl.service(ComponentContainerImpl.java:111)
	at org.sonatype.nexus.siesta.SiestaServlet.service(SiestaServlet.java:137)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
	at com.google.inject.servlet.ServletDefinition.doServiceImpl(ServletDefinition.java:293)
	at com.google.inject.servlet.ServletDefinition.doService(ServletDefinition.java:283)
	at com.google.inject.servlet.ServletDefinition.service(ServletDefinition.java:184)
	at com.google.inject.servlet.DynamicServletPipeline.service(DynamicServletPipeline.java:71)
	at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:85)
	at org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:61)
	at org.apache.shiro.web.servlet.AdviceFilter.executeChain(AdviceFilter.java:108)
	at org.apache.shiro.web.servlet.AdviceFilter.doFilterInternal(AdviceFilter.java:137)
	at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:154)
	at org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:66)
	at org.apache.shiro.web.servlet.AdviceFilter.executeChain(AdviceFilter.java:108)
	at org.apache.shiro.web.servlet.AdviceFilter.doFilterInternal(AdviceFilter.java:137)
	at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:154)
	at org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:66)
	at org.apache.shiro.web.servlet.AdviceFilter.executeChain(AdviceFilter.java:108)
	at org.apache.shiro.web.servlet.AdviceFilter.doFilterInternal(AdviceFilter.java:137)
	at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:154)
	at org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:66)
	at org.apache.shiro.web.servlet.AbstractShiroFilter.executeChain(AbstractShiroFilter.java:458)
	at org.sonatype.nexus.security.SecurityFilter.executeChain(SecurityFilter.java:96)
	at org.apache.shiro.web.servlet.AbstractShiroFilter$1.call(AbstractShiroFilter.java:373)
	at org.apache.shiro.subject.support.SubjectCallable.doCall(SubjectCallable.java:90)
	at org.apache.shiro.subject.support.SubjectCallable.call(SubjectCallable.java:83)
	at org.apache.shiro.subject.support.DelegatingSubject.execute(DelegatingSubject.java:387)
	at org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:370)
	at org.sonatype.nexus.security.SecurityFilter.doFilterInternal(SecurityFilter.java:112)
	at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:154)
	at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:82)
	at com.codahale.metrics.servlet.AbstractInstrumentedFilter.doFilter(AbstractInstrumentedFilter.java:112)
	at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:82)
	at org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:61)
	at org.apache.shiro.web.servlet.AdviceFilter.executeChain(AdviceFilter.java:108)
	at org.apache.shiro.web.servlet.AdviceFilter.doFilterInternal(AdviceFilter.java:137)
	at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:154)
	at org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:66)
	at org.apache.shiro.web.servlet.AdviceFilter.executeChain(AdviceFilter.java:108)
	at org.apache.shiro.web.servlet.AdviceFilter.doFilterInternal(AdviceFilter.java:137)
	at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:154)
	at org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:66)
	at org.apache.shiro.web.servlet.AdviceFilter.executeChain(AdviceFilter.java:108)
	at org.apache.shiro.web.servlet.AdviceFilter.doFilterInternal(AdviceFilter.java:137)
	at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:154)
	at org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:66)
	at org.apache.shiro.web.servlet.AbstractShiroFilter.executeChain(AbstractShiroFilter.java:458)
	at org.sonatype.nexus.security.SecurityFilter.executeChain(SecurityFilter.java:96)
	at org.apache.shiro.web.servlet.AbstractShiroFilter$1.call(AbstractShiroFilter.java:373)
	at org.apache.shiro.subject.support.SubjectCallable.doCall(SubjectCallable.java:90)
	at org.apache.shiro.subject.support.SubjectCallable.call(SubjectCallable.java:83)
	at org.apache.shiro.subject.support.DelegatingSubject.execute(DelegatingSubject.java:387)
	at org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:370)
	at org.sonatype.nexus.security.SecurityFilter.doFilterInternal(SecurityFilter.java:112)
	at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:154)
	at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:82)
	at com.sonatype.nexus.licensing.internal.LicensingRedirectFilter.doFilter(LicensingRedirectFilter.java:116)
	at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:82)
	at com.codahale.metrics.servlet.AbstractInstrumentedFilter.doFilter(AbstractInstrumentedFilter.java:112)
	at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:82)
	at org.sonatype.nexus.internal.web.ErrorPageFilter.doFilter(ErrorPageFilter.java:79)
	at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:82)
	at org.sonatype.nexus.internal.web.EnvironmentFilter.doFilter(EnvironmentFilter.java:101)
	at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:82)
	at org.sonatype.nexus.internal.web.HeaderPatternFilter.doFilter(HeaderPatternFilter.java:98)
	at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:82)
	at com.google.inject.servlet.DynamicFilterPipeline.dispatch(DynamicFilterPipeline.java:104)
	at com.google.inject.servlet.GuiceFilter.doFilter(GuiceFilter.java:133)
	at org.sonatype.nexus.bootstrap.osgi.DelegatingFilter.doFilter(DelegatingFilter.java:73)
	at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:201)
	at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1626)
	at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:552)
	at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143)
	at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:600)
	at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127)
	at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:235)
	at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1624)
	at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:233)
	at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1440)
	at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:188)
	at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:505)
	at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1594)
	at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:186)
	at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1355)
	at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
	at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127)
	at com.codahale.metrics.jetty9.InstrumentedHandler.handle(InstrumentedHandler.java:239)
	at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:146)
	at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127)
	at org.eclipse.jetty.server.Server.handle(Server.java:516)
	at org.eclipse.jetty.server.HttpChannel.lambda$handle$1(HttpChannel.java:487)
	at org.eclipse.jetty.server.HttpChannel.dispatch(HttpChannel.java:732)
	at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:479)
	at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:277)
	at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:311)
	at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:105)
	at org.eclipse.jetty.io.ChannelEndPoint$1.run(ChannelEndPoint.java:104)
	at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:338)
	at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:315)
	at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:173)
	at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:131)
	at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:409)
	at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:883)
	at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:1034)
	at java.base/java.lang.Thread.run(Thread.java:840)
2024-11-27 14:37:41,807+0000 WARN  [qtp1891101776-107]  christian.fochler org.sonatype.nexus.siesta.internal.UnexpectedExceptionMapper - (ID 4335be5d-76c1-46b2-91ef-6b6646176163) Response: [500] 'ERROR: (ID 4335be5d-76c1-46b2-91ef-6b6646176163) com.google.inject.ProvisionException: Unable to provision, see the following errors:

1) [Guice/NullInjectedIntoNonNullable]: null returned by binding at LocatorWiring
 but the 6th parameter of UserTelemetryService.<init>(UserTelemetryService.java:121) is not @Nullable
  at LocatorWiring
  at UserTelemetryService.<init>(UserTelemetryService.java:121)
      \_ for 6th parameter
  at /
      \_ installed by: NexusBundleModule -> SpaceModule
  at UserTelemetryResource.<init>(UserTelemetryResource.java:50)
      \_ for 1st parameter
  at /
      \_ installed by: NexusBundleModule -> SpaceModule
  while locating UserTelemetryResource
  while locating Object annotated with *

Learn more:
  https://github.com/google/guice/wiki/NULL_INJECTED_INTO_NON_NULLABLE

1 error

======================
Full classname legend:
======================
LocatorWiring:         "org.eclipse.sisu.wire.LocatorWiring"
NexusBundleModule:     "org.sonatype.nexus.extender.modules.NexusBundleModule"
SpaceModule:           "org.eclipse.sisu.space.SpaceModule"
UserTelemetryResource: "com.sonatype.analytics.internal.rest.UserTelemetryResource"
UserTelemetryService:  "com.sonatype.analytics.internal.service.UserTelemetryService"
========================
End of classname legend:
========================
'; mapped from: com.google.inject.ProvisionException: Unable to provision, see the following errors:

1) [Guice/NullInjectedIntoNonNullable]: null returned by binding at LocatorWiring
 but the 6th parameter of UserTelemetryService.<init>(UserTelemetryService.java:121) is not @Nullable
  at LocatorWiring
  at UserTelemetryService.<init>(UserTelemetryService.java:121)
      \_ for 6th parameter
  at /
      \_ installed by: NexusBundleModule -> SpaceModule
  at UserTelemetryResource.<init>(UserTelemetryResource.java:50)
      \_ for 1st parameter
  at /
      \_ installed by: NexusBundleModule -> SpaceModule
  while locating UserTelemetryResource
  while locating Object annotated with *

Learn more:
  https://github.com/google/guice/wiki/NULL_INJECTED_INTO_NON_NULLABLE

1 error

@dcortizo-nr
Copy link
Author

@ChriFo Thanks for the input. Yes, I see the same behavior in 3.74.

@ChriFo
Copy link

ChriFo commented Nov 27, 2024

Somehow the stacktraces are gone. 🤷🏻

For the record this is my complete nexus.properties:

nexus-edition=nexus-oss-edition
nexus-features=nexus-oss-feature

# https://support.sonatype.com/hc/en-us/articles/360049884673#rhc
nexus.ossindex.plugin.enabled=false

# https://help.sonatype.com/en/in-product-analytics-capability.html
# https://github.com/sonatype/nexus-public/blob/main/components/nexus-rapture/src/main/java/org/sonatype/nexus/rapture/internal/RaptureWebResourceBundle.java
nexus.analytics.enabled=false

# https://community.sonatype.com/t/help-us-improve-nexus-repository-dialog-is-stuck/7006/3
nexus.onboarding.enabled=false

# https://community.sonatype.com/t/sonatype-nexus-repository-warns-1-malware-component-found/13718/18
nexus.malware.risk.enabled=false
nexus.malware.risk.on.disk.enabled=false

Maybe the capability setup is important as well:

  • Analytics: Configuration: disabled
  • Health Check: Configuration: Configured for all supported repositories: false
  • Outreach: Management: disabled

@dcortizo-nr
Copy link
Author

@mrprescott I think this is a bug, this is not the expected behavior. Would it be possible that you change this to be a bug instead of a question? Thanks

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

No branches or pull requests

4 participants