Failing Pre-Migration Checks (BCMA, Bitbucket Cloud Migration Assistant)
Summary
Multiple pre-migration checks fail as part of a Bitbucket Cloud Migration Assistant (aka BCMA) migration.
Environment
Bitbucket On-Prem (Server or Data Center) using the BCMA.
Diagnosis
If you notice multiple pre-migration checks failing with no additional details or explanation, it may be caused by a failure to connect/communicate with the Bitbucket Cloud platform. Within your server logs ("atlassian-bitbucket.log"), locate a WARN stack trace, that matches the below example log, that aligns with the time of your migration failing.
2022-04-27 05:01:23,969 WARN [bcma-6] <username> @1VV3JLFx301x1830046x1 1q5dnzk <client-ip-address> "POST /rest/migration/latest/check/950d5ed623c4e859dd8b05efbf96ccecc6a961d8 HTTP/1.1" c.a.b.p.b.p.AsyncCheckExecutor Preflight CheckBatch failed [950d5ed623c4e859dd8b05efbf96ccecc6a961d8]
com.atlassian.bitbucket.plugin.bcma.migrationservice.MigrationServiceServerErrorException: Communication error during migration
...
Caused by: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-emptyCause
Bitbucket On-prem runs as a JVM application that utilizes a trust store file that it uses to determine what SSL certificates it considers safe/trusted. If this trust store is not up to date or lacks common root/intermediate certificates, it can lead your server to not trust our public platforms and thus reject any web connections used to communicate and allow migration between the platforms. You will need to address the faulty trust store and try again.
Solution
Follow any of the following guides to walk you through updating your local Java trust store to allow your server to correctly trust the SSL certificates used by Atlassian/Bitbucket cloud platforms.
- https://stackoverflow.com/questions/6784463/error-trustanchors-parameter-must-be-non-empty
- https://medium.com/@gustavocalcaterra/debugging-yet-another-ssl-tls-error-the-trustanchors-parameter-must-be-non-empty-7dd9cb300f43
- https://www.baeldung.com/java-trustanchors-parameter-must-be-non-empty
Note that Bitbucket on-prem can use a custom path to the Java trust store via the server.ssl.trust-store property within the bitbucket.properties config file.