Ansible role is failing during update from Nexus 3.71.1-06 to 3.73.0-12

[uwehdaub]

During the update from Nexus 3.71.1 to 3.73.0 the role (v2.5.2) fails with the following error message:

TASK [ansible-thoteam.nexus3-oss : Calling Groovy script setup_ldap] **************
fatal: [dxnexustest0.ciserver.dxnexus.test1.peng.be-gcw1.metroscales.io]: FAILED! => 
   {"changed": false, "connection": "close", "content_length": "455", "content_type": "application/json", "date": "Mon, 14 Oct 2024 12:36:59 GMT", "elapsed": 3, 
   "failed_when_result": true, "json": {"name": "setup_ldap", "result": "javax.script.ScriptException: groovy.lang.MissingMethodException: 
   No signature of method: org.sonatype.nexus.ldap.persist.entity.Connection.setSystemPassword() 
   is applicable for argument types: (String) values: <secret-password-here>
   Possible solutions: setSystemPassword(org.sonatype.nexus.crypto.secrets.Secret), getSystemPassword(), 
   setRawSystemPassword(java.lang.String), getRawSystemPassword()"}, 
   "msg": "Status code was 400 and not [200]: HTTP Error 400: Bad Request", "redirected": false, "server": "Nexus/3.73.0-12 (OSS)", 
   "status": 400, "url": "http://localhost:8081/service/rest/v1/script/setup_ldap/run", "x_content_type_options": "nosniff"}

This is the next error I stumbled in when I patched the ansible role locally (by commenting out the parts that are responsible for #431).
It seems that over time more and more groovy scripts needs to be replaced by API calls.

[brianveltman]

What does your ansible command look like?

Are you using tags? Or only execute partials of the playbook?

Haven't seen this myself tho..

I have a version of this role that mainly uses API calls instead of Groovy. It can be found at https://github.com/CloudKrafter/nexus3-pro

Let me know if you need more help

[uwehdaub]

The ansible command looks like

> ansible-playbook --tags nexus -l test nexus.yml

So yes, I'm using tags, but not to execute the nexus role partially.
The corresponding part of nexus.yml is

  vars_files:
    - nginx.yml
    - nexus_secrets.yml
    - nexus_blobstores.yml
    - nexus_privileges_and_roles.yml
    - nexus_local_users.yml
    - nexus_ldap_users.yml
    - nexus_repo_maven.yml
    - nexus_repo_npm.yml
    - nexus_repo_raw.yml
    - nexus_repo_nuget.yml
    - datadog-checks.yml
    - google-cloud.yml

  roles:
    - { role: "google.cloud.gcloud", tags: ["backup", "basic", "nexus"] }
    - { role: "nexus.basic", tags: ["basic", "nexus"] }
    - { role: "gcloud-config", tags: ["backup", "config"] }
    - { role: "geerlingguy.java", tags: ["nexus", "java"] }
    - { role: "ansible-thoteam.nexus3-oss", tags: ["nexus"] }
    - { role: "geerlingguy.nginx", tags: ["nginx"] }
    - { role: "datadog.datadog", tags: ["datadog"] }
    - { role: "mtail", tags: ["mtail"] }

The nexus tag is executing the full ansible role (with create_blobstores.groovy commented out to get around the error from #431)

[uwehdaub]

I did a second test.
This time only running the nexus role and upgrading step by step: 3.71.0 --> 3.72.0 --> 3.73.0.
The upgrade 3.71.0 --> 3.72.0 works fine (apart of #431) but 3.72.0 --> 3.73.0 fails with the above error message during the configuration of the LDAP connection.

[brianveltman]

Alright, that means we have to move more tasks to the Nexus API.
Will take a look at it later this week.