Unable to download package: Could not find package

We have a nuget feed from Nexus configured but as of yesterday some packages are not fetched correctly from Nexus.
There are other packages in the same feed that are fetched, so the feed configuration is functional.
If I access the nexus repo directly I can grab the nuget package just fine but the Octopus feed is unable to provide it.

https://octopus/api/feeds/feeds-nexus/packages/notes?packageId=ServiceLogistics.Security.AuthorizationServer&version=0.0.0.1145
yields "ErrorMessage: “The resource ‘ServiceLogistics.Security.AuthorizationServer version 0.0.0.1145’ was not found.” where as 1144 gives “Published: Thursday, March 2, 2017 9:00 AM
Description”
Both versions are present in our nexus, see attached screenshot but only one is accesible through the octopus feed.

I’ve restarted the service and clear the package cache to no avail.

Octopus version: 3.8.1

nexus_csl_security.png

Hi,

Can you let me know exactly which version of Nexus you are running, also how many versions of that package you currently have in your feed? (Due to limitations of the Nuget APIs in some cases we need to download the metadata of all versions of a package and filter on the client side and we’ve had a few cases where some Nuget feeds don’t respond to that as we expect).

Regards,
Mark

Hi Mark

We’re using a Nexus OSS 2.14.1.
We have 218 versions of the package in question.

I can see there are quite a few changes relating to nuget since OD 3.8.1 was released, should I schedule an upgrade?

/anders

Med venlig hilsen / Kind regards

[Systematic Logo]http://www.systematic.com/
Anders Jacob Truelsen
Senior Systems Engineer

Søren Frichs Vej 39, 8000 Aarhus C
Denmark

Mobile: +45 4196 5031
Anders.Jacob.Truelsen@systematic.commailto:Anders.Jacob.Truelsen@systematic.com
www.systematic.comhttp://www.systematic.com

image001.png

Hi Anders,

Taking a look at the the things we’ve changed I don’t believe any of them would affect what you are seeing, but updating certainly removes one variable. The best thing I’ve found for seeing what is going on in cases like this is to try and get a Fiddler (http://www.telerik.com/fiddler) trace of the communications between the Octopus Server and the package feed.

Are you familiar with Fiddler? If you run it on the Octopus Server while you create a release or go to the release page you should see Octopus make a request to the Nexus server that looks something like:

http://your.nexus.server/nexus/service/local/nuget/nuget/FindPackagesById()?id=‘YourPackageName’

followed by multiple calls of:

http://your.nexus.server/nexus/service/local/nuget/nuget/FindPackagesById?id='YourPackageName'&$orderby=DownloadCount+desc&$skiptoken=0%2C'YourPackageName'%2C'1.0.44'

That is Octopus getting the metadata for all versions of your package, a page at a time. If you don’t see that you may need to use the Octopus Manager application to temporarily use a proxy of 127.0.0.1:8888 (this will only effect Nuget calls by the server and if you have server-side scripts that make web requests, not Tentacle communications) to force traffic through Fiddler.

If you can do that and send me the trace I can see whats going on. What you should see is the package you are after in one of those pages of data. For what it’s worth I’ve tested Nexus 2.14.2 and it worked okay for me with an older Octopus release (I had 3.5.1 installed already, so used that to make sure I wasn’t relying on any recent fixes).

If you’re happy to try Fiddler out but need more guidance let me know. If your Nexus server is on HTTPS Fiddler has an option to temporarily install a certificate to MITM the HTTPS feed, but I understand if you don’t want to do that on a prod server, you could install a temporary Octopus install on a dev machine or something if required?

Regards,
Mark