nexus-platform-plugin
nexus-platform-plugin copied to clipboard
Published
20 hours ago •
jenkinsci
jenkinsci
Install via casc causes problems
Jenkins and plugins versions report
Environment
Jenkins: 2.375.2
OS: Linux - 5.10.147+
---
adoptopenjdk:1.5
apache-httpcomponents-client-4-api:4.5.13-138.v4e7d9a_7b_a_e61
authentication-tokens:1.4
bootstrap5-api:5.2.1-3
bouncycastle-api:2.27
branch-api:2.1071.v1a_188a_562481
caffeine-api:2.9.3-65.v6a_47d0f4d1fe
checks-api:1.8.1
cloudbees-folder:6.800.v71307ca_b_986b
commons-lang3-api:3.12.0-36.vd97de6465d5b_
commons-text-api:1.10.0-27.vb_fa_3896786a_7
configuration-as-code:1569.vb_72405b_80249
credentials:1214.v1de940103927
credentials-binding:523.vd859a_4b_122e6
display-url-api:2.3.7
durable-task:504.vb10d1ae5ba2f
echarts-api:5.4.0-1
font-awesome-api:6.2.1-1
git:5.0.0
git-client:4.1.0
instance-identity:142.v04572ca_5b_265
ionicons-api:31.v4757b_6987003
jackson2-api:2.14.2-319.v37853346a_229
jakarta-activation-api:2.0.1-2
jakarta-mail-api:2.0.1-2
javax-activation-api:1.2.0-5
javax-mail-api:1.6.2-5
jaxb:2.3.8-1
jquery3-api:3.6.1-2
junit:1166.va_436e268e972
kubernetes:3845.va_9823979a_744
kubernetes-client-api:6.3.1-206.v76d3b_6b_14db_b
kubernetes-credentials:0.10.0
mailer:448.v5b_97805e3767
metrics:4.2.13-420.vea_2f17932dd6
mina-sshd-api-common:2.9.2-50.va_0e1f42659a_a
mina-sshd-api-core:2.9.2-50.va_0e1f42659a_a
nexus-jenkins-plugin:3.16.476.v410d6968f400
oic-auth:2.5
pipeline-build-step:2.18
pipeline-graph-analysis:202.va_d268e64deb_3
pipeline-groovy-lib:629.vb_5627b_ee2104
pipeline-input-step:466.v6d0a_5df34f81
pipeline-milestone-step:111.v449306f708b_7
pipeline-model-api:2.2118.v31fd5b_9944b_5
pipeline-model-definition:2.2118.v31fd5b_9944b_5
pipeline-model-extensions:2.2118.v31fd5b_9944b_5
pipeline-rest-api:2.31
pipeline-stage-step:305.ve96d0205c1c6
pipeline-stage-tags-metadata:2.2118.v31fd5b_9944b_5
plain-credentials:143.v1b_df8b_d3b_e48
plugin-util-api:2.20.0
popper2-api:2.11.6-2
prometheus:2.1.1
role-strategy:587.v2872c41fa_e51
scm-api:631.v9143df5b_e4a_a
script-security:1229.v4880b_b_e905a_6
snakeyaml-api:1.33-90.v80dcb_3814d35
ssh-credentials:305.v8f4381501156
sshd:3.236.ved5e1b_cb_50b_2
structs:324.va_f5d6774f3a_d
trilead-api:2.84.v72119de229b_7
variant:59.vf075fe829ccb
workflow-aggregator:590.v6a_d052e5a_a_b_5
workflow-api:1208.v0cc7c6e0da_9e
workflow-basic-steps:994.vd57e3ca_46d24
workflow-cps:3611.v201b_d9f9eb_f7
workflow-durable-task-step:1223.v7f1a_98a_8863e
workflow-job:1268.v6eb_e2ee1a_85a
workflow-multibranch:716.vc692a_e52371b_
workflow-scm-step:400.v6b_89a_1317c9a_
workflow-step-api:639.v6eca_cd8c04a_a_
workflow-support:839.v35e2736cfd5c
What Operating System are you using (both controller, and any agents involved in the problem)?
GKE 1.24.8-gke.2000
Reproduction steps
- Create a Jenkins instance with
jenkinsciHelm chart - set jenkins url, roles, build agent, etc. - Add the following fragment to install this Nexus Platform plug-in and deploy
controller:
additionalPlugins:
- nexus-jenkins-plugin
JCasC:
configScripts:
nxrm3configuration: |
unclassified:
globalNexusConfiguration:
nxrmConfigs:
- nxrm3Configuration:
displayName: "Build Artifacts"
id: "artifacts"
serverUrl: "https://${sonatype_dns_name_full}"
credentialsId: "jenkins-sonatype-robot-account"
Expected Results
Go to Manage Jenkins - > Configure System. Nexus should be configured with one server per casc.
Actual Results
Crashes, and Jenkins is not fully configured. In addition to Nexus plugin not having any configuration, there are warnings about the build agent and jenkins url not being configured, suggesting the configuration processing from Helm values.yaml was interrupted.
Anything else?
This very well may be caused by my lack of understanding of how to configure Nexus via casc. I can't find any documentation for it.
I get the following error, which does not occur when I remove the Nexus casc block.
config-reload error
[2023-02-06 23:34:50] Received unknown exception: HTTPConnectionPool(host='localhost', port=8080): Max retries exceeded with url: /reload-configuration-as-code/
?casc-reload-token=jenkins-0 (Caused by ResponseError('too many 500 error responses'))
Traceback (most recent call last):
File "/usr/local/lib/python3.8/site-packages/requests/adapters.py", line 439, in send
resp = conn.urlopen(
File "/usr/local/lib/python3.8/site-packages/urllib3/connectionpool.py", line 846, in urlopen
return self.urlopen(
File "/usr/local/lib/python3.8/site-packages/urllib3/connectionpool.py", line 846, in urlopen
return self.urlopen(
File "/usr/local/lib/python3.8/site-packages/urllib3/connectionpool.py", line 846, in urlopen
return self.urlopen(
[Previous line repeated 2 more times]
File "/usr/local/lib/python3.8/site-packages/urllib3/connectionpool.py", line 836, in urlopen
retries = retries.increment(method, url, response=response, _pool=self)
File "/usr/local/lib/python3.8/site-packages/urllib3/util/retry.py", line 574, in increment
raise MaxRetryError(_pool, url, error or ResponseError(cause))
urllib3.exceptions.MaxRetryError: HTTPConnectionPool(host='localhost', port=8080): Max retries exceeded with url: /reload-configuration-as-code/?casc-reload-tok
en=jenkins-0 (Caused by ResponseError('too many 500 error responses'))
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/app/resources.py", line 239, in _watch_resource_loop
_watch_resource_iterator(*args)
File "/app/resources.py", line 227, in _watch_resource_iterator
request(request_url, request_method, enable_5xx, request_payload)
File "/app/helpers.py", line 123, in request
res = r.post("%s" % url, auth=auth, json=payload, timeout=REQ_TIMEOUT)
File "/usr/local/lib/python3.8/site-packages/requests/sessions.py", line 590, in post
return self.request('POST', url, data=data, json=json, **kwargs)
File "/usr/local/lib/python3.8/site-packages/requests/sessions.py", line 542, in request
resp = self.send(prep, **send_kwargs)
File "/usr/local/lib/python3.8/site-packages/requests/sessions.py", line 655, in send
r = adapter.send(request, **kwargs)
File "/usr/local/lib/python3.8/site-packages/requests/adapters.py", line 507, in send
raise RetryError(e, request=request)
requests.exceptions.RetryError: HTTPConnectionPool(host='localhost', port=8080): Max retries exceeded with url: /reload-configuration-as-code/?casc-reload-token
=jenkins-0 (Caused by ResponseError('too many 500 error responses'))
I can successfully manually configure the plug-in, and the Test Server button verifies it works.
Here are the other values.yaml settings.
other values.yaml
controller:
jenkinsUrl: "https://${dns_name_full}"
servicePort: 80
serviceType: ClusterIP
serviceAnnotations:
cloud.google.com/neg: '{"ingress": true}'
podAnnotations:
kube-vault-sync.github.com/sync: "admin-pwd,kaniko-auth,root-ca,argocd-api-token"
admin:
existingSecret: "admin-pwd"
userKey: "jenkins-admin-user"
passwordKey: "jenkins-admin-password"
# plugin or plugin:version
installPlugins:
- kubernetes
- workflow-aggregator
- git
- configuration-as-code
installLatestPlugins: true
installLatestSpecifiedPlugins: true
additionalPlugins:
- oic-auth # https://bytesource.net/en/blog/posts/serverless-jenkins-part-1/
- role-strategy
- adoptopenjdk
- prometheus
javaOpts: >-
-Dhudson.util.RingBufferLogHandler.defaultSize=4096
jenkinsOpts: "--sessionTimeout=1440"
initConfigMap: "init-groovy"
ingress:
enabled: true
hostName: "${dns_name_full}"
annotations:
ingress.gcp.kubernetes.io/pre-shared-cert: "${gce_ssl_cert_name}"
kubernetes.io/ingress.class: "gce-internal"
kubernetes.io/ingress.allow-http: "false"
external-dns.alpha.kubernetes.io/hostname: "${dns_name_full}."
tls:
- secretName: "${tls_secret_name}"
hosts:
- "jenkins.${kubernetes_namespace}.svc.cluster.local"
initScripts:
setup-known-hosts: |
new File("/var/jenkins_home/.ssh").mkdir()
File file = new File("/var/jenkins_home/.ssh/known_hosts")
file.write '${known_hosts}'
file.setReadOnly()
projectNamingStrategy:
roleBased:
forceExistingJobs: false
JCasC:
#
# Manually configure a test Jenkins the way you want it, then view the config in yaml
# at https://jenkins.int.${project_name}.nabancard.dev/configuration-as-code/viewExport,
# then adapt the relevant fragment to follow the pattern below.
#
# The inner name like 'welcome-message' is your choice, but it ends up in a configmap
# key and must be lowercase alphanumeric with optional middle dashes and dots.
#
configScripts:
welcome-message: |
jenkins:
systemMessage: Welcome to the CI/CD server for ${project_name}!
global-vars: |
jenkins:
globalNodeProperties:
- envVars:
env:
- key: "PROJECT_NAME"
value: "${project_name}"
- key: "ARTIFACT_HOST"
value: "${sonatype_dns_name_full}"
- key: "DEPLOYMENT_HOST"
value: "${argocd_dns_name_full}"
okta: |
jenkins:
securityRealm:
oic:
clientId: "${clientId}"
clientSecret: "${clientSecret}"
wellKnownOpenIDConfigurationUrl: "${oidcIssuerUrl}/.well-known/openid-configuration"
userInfoServerUrl: "${oidcIssuerUrl}/oauth2/v1/userinfo"
tokenFieldToCheckKey: ""
tokenFieldToCheckValue: ""
fullNameFieldName: "name"
groupsFieldName: "groups"
disableSslVerification: false
logoutFromOpenidProvider: true
endSessionEndpoint: "${oidcIssuerUrl}/oauth2/v1/logout"
postLogoutRedirectUrl: "https://${dns_name_full}"
escapeHatchEnabled: false
escapeHatchUsername: ""
escapeHatchSecret: "my-unused-password"
escapeHatchGroup: ""
automanualconfigure: "auto"
emailFieldName: "email"
userNameField: "name"
tokenServerUrl: "${oidcIssuerUrl}/oauth2/v1/token"
authorizationServerUrl: "${oidcIssuerUrl}/oauth2/v1/authorize"
scopes: "address phone openid profile offline_access groups email"
authorizationStrategy:
roleBased:
roles:
global:
- name: "${project_admin_account}"
permissions:
- "Overall/Administer"
assignments:
- "${project_admin_account}"
- name: "${project_manager_account}"
permissions:
- "Overall/Administer"
assignments:
- "${project_manager_account}"
- name: "${project_reader_account}"
permissions:
- "Overall/Read"
assignments:
- "${project_reader_account}"
- name: "service-account"
permissions:
- "Overall/Read"
- "Credentials/Create"
- "Credentials/Update"
- "Credentials/Delete"
- "Credentials/View"
- "Job/Create"
- "Job/Delete"
- "Job/Discover"
- "Job/Read"
- "Job/Configure"
assignments:
- "${project_automation_account}"
prometheus: |
unclassified:
prometheusConfiguration:
appendParamLabel: false
appendStatusLabel: false
collectDiskUsage: false
collectingMetricsPeriodInSeconds: 120
countAbortedBuilds: true
countFailedBuilds: true
countNotBuiltBuilds: true
countSuccessfulBuilds: true
countUnstableBuilds: true
defaultNamespace: "default"
fetchTestResults: true
jobAttributeName: "jenkins_job"
path: "prometheus"
processingDisabledBuilds: false
useAuthenticatedEndpoint: true
# The sections below are for adding our root CA to the Jenkins container image.
# - Use an init container to copy the whole Jenkins cert store into the writable volume
# - Concat our root CA cert
customInitContainers:
- name: add-ca-certs
image: "jenkins/jenkins:lts"
imagePullPolicy: Always
command:
- "sh"
- "-c"
- >
cat /etc/ssl/certs/ca-certificates.crt /etc/root-ca/root-ca-cert.pem > /cacerts-share/ca-certificates.crt
&& cp $${JAVA_HOME}/lib/security/cacerts /cacerts-share/cacerts
&& chmod 644 /cacerts-share/cacerts
&& $${JAVA_HOME}/bin/keytool -import -trustcacerts -alias custom-ca-certs -keystore /cacerts-share/cacerts -file /etc/root-ca/root-ca-cert.pem -noprompt -storepass changeit
volumeMounts:
- name: cacerts-share
mountPath: /cacerts-share
- name: root-ca-cert-pem
mountPath: /etc/root-ca
# The sections below are for adding our root CA to the Jenkins container image.
# - Mount the root CA cert (a kubesecret) into the container
# - Make an empty writable volume
# - Mount the modified CA cert store in the container
persistence:
volumes:
- name: cacerts-share
emptyDir: {}
- name: root-ca-cert-pem
secret:
secretName: root-ca
mounts:
- mountPath: /etc/ssl/certs/ca-certificates.crt
name: cacerts-share
subPath: ca-certificates.crt
- mountPath: /opt/java/openjdk/lib/security/cacerts
name: cacerts-share
subPath: cacerts
Example crash stack
2023-02-07 14:31:30.700+0000 [id=15] INFO i.j.p.casc.TokenReloadAction#doIndex: Configuration reload triggered via token
2023-02-07 14:31:30.720+0000 [id=15] WARNING i.j.p.casc.BaseConfigurator#createAttribute: Can't handle class org.csanchez.jenkins.plugins.kubernetes.PodTemplate#listener: type is abstract but not Describable.
2023-02-07 14:31:31.067+0000 [id=15] WARNING i.j.p.casc.BaseConfigurator#createAttribute: Can't handle class org.sonatype.nexus.ci.config.GlobalNexusConfiguration#metaClass: type is abstract but not Describable.
at org.kohsuke.stapler.interceptor.RequirePOST$Processor.invoke(RequirePOST.java:78)
at org.kohsuke.stapler.PreInvokeInterceptedFunction.invoke(PreInvokeInterceptedFunction.java:26)
at org.kohsuke.stapler.Function.bindAndInvoke(Function.java:207)
at org.kohsuke.stapler.Function.bindAndInvokeAndServeResponse(Function.java:140)
at org.kohsuke.stapler.IndexDispatcher.dispatch(IndexDispatcher.java:28)
at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:762)
Caused: javax.servlet.ServletException
at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:812)
at org.kohsuke.stapler.Stapler.invoke(Stapler.java:894)
at org.kohsuke.stapler.MetaClass$9.dispatch(MetaClass.java:475)
at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:762)
at org.kohsuke.stapler.Stapler.invoke(Stapler.java:894)
at org.kohsuke.stapler.Stapler.invoke(Stapler.java:690)
at org.kohsuke.stapler.Stapler.service(Stapler.java:240)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:590)
at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:764)
at org.eclipse.jetty.servlet.ServletHandler$ChainEnd.doFilter(ServletHandler.java:1665)
at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:157)
at jenkins.telemetry.impl.UserLanguages$AcceptLanguageFilter.doFilter(UserLanguages.java:129)
at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:154)
at jenkins.security.ResourceDomainFilter.doFilter(ResourceDomainFilter.java:81)
at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:154)
at jenkins.metrics.impl.MetricsFilter.doFilter(MetricsFilter.java:125)
at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:154)
at hudson.util.PluginServletFilter.doFilter(PluginServletFilter.java:160)
at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:202)
at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1635)
at io.jenkins.plugins.casc.TokenReloadCrumbExclusion.process(TokenReloadCrumbExclusion.java:20)
at hudson.security.csrf.CrumbFilter.doFilter(CrumbFilter.java:128)
at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:202)
at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1635)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:94)
at jenkins.security.AcegiSecurityExceptionFilter.doFilter(AcegiSecurityExceptionFilter.java:52)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:99)
at hudson.security.UnwrapSecurityExceptionFilter.doFilter(UnwrapSecurityExceptionFilter.java:54)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:99)
at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:122)
at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:116)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:99)
at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:109)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:99)
at org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter.doFilter(RememberMeAuthenticationFilter.java:141)
at org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter.doFilter(RememberMeAuthenticationFilter.java:97)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:99)
at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:223)
at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:217)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:99)
at jenkins.security.BasicHeaderProcessor.doFilter(BasicHeaderProcessor.java:97)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:99)
at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:112)
at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:82)
at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:63)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:99)
at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:111)
at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:172)
at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:202)
at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1635)
at org.kohsuke.stapler.compression.CompressionFilter.doFilter(CompressionFilter.java:53)
at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:202)
at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1635)
at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:86)
at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:202)
at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1635)
at org.kohsuke.stapler.DiagnosticThreadNameFilter.doFilter(DiagnosticThreadNameFilter.java:30)
at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:202)
at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1635)
at jenkins.security.SuspiciousRequestFilter.doFilter(SuspiciousRequestFilter.java:38)
at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:202)
at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1635)
at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:527)
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:131)
at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:549)
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:122)
at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:223)
at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1571)
at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:221)
at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1383)
at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:176)
at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:484)
at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1544)
at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:174)
at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1305)
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:129)
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:122)
at org.eclipse.jetty.server.Server.handle(Server.java:563)
at org.eclipse.jetty.server.HttpChannel.lambda$handle$0(HttpChannel.java:505)
at org.eclipse.jetty.server.HttpChannel.dispatch(HttpChannel.java:762)
at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:497)
at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:282)
at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:314)
at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:100)
at org.eclipse.jetty.io.SelectableChannelEndPoint$1.run(SelectableChannelEndPoint.java:53)
at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.runTask(AdaptiveExecutionStrategy.java:421)
at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.consumeTask(AdaptiveExecutionStrategy.java:390)
at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.tryProduce(AdaptiveExecutionStrategy.java:277)
at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.lambda$new$0(AdaptiveExecutionStrategy.java:139)
at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:411)
at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:933)
at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:1077)
at java.base/java.lang.Thread.run(Thread.java:829)
Guess: the casc plugin expects Nexus to implement the Describable interface.
https://github.com/jenkinsci/configuration-as-code-plugin/blob/a5969a96ac468e7a8247fc18bf384bc40387f4d3/plugin/src/main/java/io/jenkins/plugins/casc/BaseConfigurator.java#L168