Jenkins 无法使用带有自签名证书的 HTTPS (HTTP + SSL) 连接到 SonarQube 服务器

Posted

技术标签:

【中文标题】Jenkins 无法使用带有自签名证书的 HTTPS (HTTP + SSL) 连接到 SonarQube 服务器【英文标题】:Jenkins cannot connect to SonarQube server using HTTPS (HTTP + SSL) with self-signed certificate 【发布时间】:2016-05-10 03:24:34 【问题描述】:

我使用 SonarQube 5.3 版,我正在尝试使用 Jenkins 进行设置。我使用了这个教程:Analyzing with SonarQube Scanner for Jenkins。

但这些是我收到的错误消息:

ERROR: Error during Sonar runner execution
    org.sonar.runner.impl.RunnerException: Unable to execute Sonar
        at org.sonar.runner.impl.BatchLauncher$1.delegateExecution(BatchLauncher.java:91)
        at org.sonar.runner.impl.BatchLauncher$1.run(BatchLauncher.java:75)
        at java.security.AccessController.doPrivileged(Native Method)
        at org.sonar.runner.impl.BatchLauncher.doExecute(BatchLauncher.java:69)
        at org.sonar.runner.impl.BatchLauncher.execute(BatchLauncher.java:50)
        at org.sonar.runner.api.EmbeddedRunner.doExecute(EmbeddedRunner.java:102)
        at org.sonar.runner.api.Runner.execute(Runner.java:100)
        at org.sonar.runner.Main.executeTask(Main.java:70)
        at org.sonar.runner.Main.execute(Main.java:59)
        at org.sonar.runner.Main.main(Main.java:53)
    Caused by: java.lang.IllegalStateException: Unable to load component class org.sonar.batch.bootstrap.BatchPluginInstaller
        at org.sonar.core.platform.ComponentContainer$ExtendedDefaultPicoContainer.getComponent(ComponentContainer.java:62)
        at org.picocontainer.DefaultPicoContainer.getComponent(DefaultPicoContainer.java:632)
        at org.picocontainer.parameters.BasicComponentParameter$1.resolveInstance(BasicComponentParameter.java:118)
        at org.picocontainer.parameters.ComponentParameter$1.resolveInstance(ComponentParameter.java:136)
        at org.picocontainer.injectors.SingleMemberInjector.getParameter(SingleMemberInjector.java:78)
        at org.picocontainer.injectors.ConstructorInjector$CtorAndAdapters.getParameterArguments(ConstructorInjector.java:309)
        at org.picocontainer.injectors.ConstructorInjector$1.run(ConstructorInjector.java:335)
        at org.picocontainer.injectors.AbstractInjector$ThreadLocalCyclicDependencyGuard.observe(AbstractInjector.java:270)
        at org.picocontainer.injectors.ConstructorInjector.getComponentInstance(ConstructorInjector.java:364)
        at org.picocontainer.injectors.AbstractInjectionFactory$LifecycleAdapter.getComponentInstance(AbstractInjectionFactory.java:56)
        at org.picocontainer.behaviors.AbstractBehavior.getComponentInstance(AbstractBehavior.java:64)
        at org.picocontainer.behaviors.Stored.getComponentInstance(Stored.java:91)
        at org.picocontainer.DefaultPicoContainer.instantiateComponentAsIsStartable(DefaultPicoContainer.java:1034)
        at org.picocontainer.DefaultPicoContainer.addAdapterIfStartable(DefaultPicoContainer.java:1026)
        at org.picocontainer.DefaultPicoContainer.startAdapters(DefaultPicoContainer.java:1003)
        at org.picocontainer.DefaultPicoContainer.start(DefaultPicoContainer.java:767)
        at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:131)
        at org.sonar.batch.bootstrapper.Batch.start(Batch.java:103)
        at org.sonar.batch.bootstrapper.Batch.start(Batch.java:92)
        at org.sonar.batch.bootstrapper.Batch.execute(Batch.java:76)
        at org.sonar.runner.batch.IsolatedLauncher.execute(IsolatedLauncher.java:48)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:497)
        at org.sonar.runner.impl.BatchLauncher$1.delegateExecution(BatchLauncher.java:87)
        ... 9 more
    Caused by: java.lang.IllegalStateException: Unable to load component class org.sonar.home.cache.FileCache
        at org.sonar.core.platform.ComponentContainer$ExtendedDefaultPicoContainer.getComponent(ComponentContainer.java:62)
        at org.picocontainer.DefaultPicoContainer.getComponent(DefaultPicoContainer.java:632)
        at org.picocontainer.parameters.BasicComponentParameter$1.resolveInstance(BasicComponentParameter.java:118)
        at org.picocontainer.parameters.ComponentParameter$1.resolveInstance(ComponentParameter.java:136)
        at org.picocontainer.injectors.SingleMemberInjector.getParameter(SingleMemberInjector.java:78)
        at org.picocontainer.injectors.ConstructorInjector$CtorAndAdapters.getParameterArguments(ConstructorInjector.java:309)
        at org.picocontainer.injectors.ConstructorInjector$1.run(ConstructorInjector.java:335)
        at org.picocontainer.injectors.AbstractInjector$ThreadLocalCyclicDependencyGuard.observe(AbstractInjector.java:270)
        at org.picocontainer.injectors.ConstructorInjector.getComponentInstance(ConstructorInjector.java:364)
        at org.picocontainer.injectors.AbstractInjectionFactory$LifecycleAdapter.getComponentInstance(AbstractInjectionFactory.java:56)
        at org.picocontainer.behaviors.AbstractBehavior.getComponentInstance(AbstractBehavior.java:64)
        at org.picocontainer.behaviors.Stored.getComponentInstance(Stored.java:91)
        at org.picocontainer.DefaultPicoContainer.getInstance(DefaultPicoContainer.java:699)
        at org.picocontainer.DefaultPicoContainer.getComponent(DefaultPicoContainer.java:647)
        at org.sonar.core.platform.ComponentContainer$ExtendedDefaultPicoContainer.getComponent(ComponentContainer.java:60)
        ... 34 more
    Caused by: java.lang.IllegalStateException: Unable to load component class org.sonar.batch.bootstrap.GlobalSettings
        at org.sonar.core.platform.ComponentContainer$ExtendedDefaultPicoContainer.getComponent(ComponentContainer.java:62)
        at org.picocontainer.DefaultPicoContainer.getComponent(DefaultPicoContainer.java:632)
        at org.picocontainer.parameters.BasicComponentParameter$1.resolveInstance(BasicComponentParameter.java:118)
        at org.picocontainer.parameters.ComponentParameter$1.resolveInstance(ComponentParameter.java:136)
        at org.picocontainer.injectors.SingleMemberInjector.getParameter(SingleMemberInjector.java:78)
        at org.picocontainer.injectors.SingleMemberInjector.getMemberArguments(SingleMemberInjector.java:61)
        at org.picocontainer.injectors.MethodInjector.getMemberArguments(MethodInjector.java:100)
        at org.picocontainer.injectors.MethodInjector$2.run(MethodInjector.java:112)
        at org.picocontainer.injectors.AbstractInjector$ThreadLocalCyclicDependencyGuard.observe(AbstractInjector.java:270)
        at org.picocontainer.injectors.MethodInjector.decorateComponentInstance(MethodInjector.java:120)
        at org.picocontainer.injectors.CompositeInjector.decorateComponentInstance(CompositeInjector.java:58)
        at org.picocontainer.injectors.Reinjector.reinject(Reinjector.java:142)
        at org.picocontainer.injectors.ProviderAdapter.getComponentInstance(ProviderAdapter.java:96)
        at org.picocontainer.DefaultPicoContainer.getInstance(DefaultPicoContainer.java:699)
        at org.picocontainer.DefaultPicoContainer.getComponent(DefaultPicoContainer.java:647)
        at org.sonar.core.platform.ComponentContainer$ExtendedDefaultPicoContainer.getComponent(ComponentContainer.java:60)
        ... 48 more
    Caused by: java.lang.IllegalStateException: Unable to load component class org.sonar.batch.protocol.input.GlobalRepositories
        at org.sonar.core.platform.ComponentContainer$ExtendedDefaultPicoContainer.getComponent(ComponentContainer.java:62)
        at org.picocontainer.DefaultPicoContainer.getComponent(DefaultPicoContainer.java:632)
        at org.picocontainer.parameters.BasicComponentParameter$1.resolveInstance(BasicComponentParameter.java:118)
        at org.picocontainer.parameters.ComponentParameter$1.resolveInstance(ComponentParameter.java:136)
        at org.picocontainer.injectors.SingleMemberInjector.getParameter(SingleMemberInjector.java:78)
        at org.picocontainer.injectors.ConstructorInjector$CtorAndAdapters.getParameterArguments(ConstructorInjector.java:309)
        at org.picocontainer.injectors.ConstructorInjector$1.run(ConstructorInjector.java:335)
        at org.picocontainer.injectors.AbstractInjector$ThreadLocalCyclicDependencyGuard.observe(AbstractInjector.java:270)
        at org.picocontainer.injectors.ConstructorInjector.getComponentInstance(ConstructorInjector.java:364)
        at org.picocontainer.injectors.AbstractInjectionFactory$LifecycleAdapter.getComponentInstance(AbstractInjectionFactory.java:56)
        at org.picocontainer.behaviors.AbstractBehavior.getComponentInstance(AbstractBehavior.java:64)
        at org.picocontainer.behaviors.Stored.getComponentInstance(Stored.java:91)
        at org.picocontainer.DefaultPicoContainer.getInstance(DefaultPicoContainer.java:699)
        at org.picocontainer.DefaultPicoContainer.getComponent(DefaultPicoContainer.java:647)
        at org.sonar.core.platform.ComponentContainer$ExtendedDefaultPicoContainer.getComponent(ComponentContainer.java:60)
        ... 63 more
    Caused by: java.lang.IllegalStateException: Server is not available: https://131.234.31.124:9000/
        at org.sonar.batch.cache.WSLoader.loadFromServerFirst(WSLoader.java:197)
        at org.sonar.batch.cache.WSLoader.load(WSLoader.java:148)
        at org.sonar.batch.cache.WSLoader.loadString(WSLoader.java:134)
        at org.sonar.batch.cache.WSLoader.loadString(WSLoader.java:129)
        at org.sonar.batch.repository.DefaultGlobalRepositoriesLoader.load(DefaultGlobalRepositoriesLoader.java:43)
        at org.sonar.batch.repository.GlobalRepositoriesProvider.provide(GlobalRepositoriesProvider.java:40)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:497)
        at org.picocontainer.injectors.MethodInjector.invokeMethod(MethodInjector.java:129)
        at org.picocontainer.injectors.MethodInjector.access$000(MethodInjector.java:39)
        at org.picocontainer.injectors.MethodInjector$2.run(MethodInjector.java:113)
        at org.picocontainer.injectors.AbstractInjector$ThreadLocalCyclicDependencyGuard.observe(AbstractInjector.java:270)
        at org.picocontainer.injectors.MethodInjector.decorateComponentInstance(MethodInjector.java:120)
        at org.picocontainer.injectors.CompositeInjector.decorateComponentInstance(CompositeInjector.java:58)
        at org.picocontainer.injectors.Reinjector.reinject(Reinjector.java:142)
        at org.picocontainer.injectors.ProviderAdapter.getComponentInstance(ProviderAdapter.java:96)
        at org.picocontainer.DefaultPicoContainer.getInstance(DefaultPicoContainer.java:699)
        at org.picocontainer.DefaultPicoContainer.getComponent(DefaultPicoContainer.java:647)
        at org.sonar.core.platform.ComponentContainer$ExtendedDefaultPicoContainer.getComponent(ComponentContainer.java:60)
        ... 77 more
    Caused by: java.lang.IllegalStateException: Fail to request https://131.234.31.124:9000/batch/global
        at org.sonarqube.ws.client.HttpConnector.doCall(HttpConnector.java:202)
        at org.sonarqube.ws.client.HttpConnector.get(HttpConnector.java:144)
        at org.sonarqube.ws.client.HttpConnector.call(HttpConnector.java:133)
        at org.sonar.batch.bootstrap.BatchWsClient.call(BatchWsClient.java:65)
        at org.sonar.batch.cache.WSLoader$1.load(WSLoader.java:62)
        at org.sonar.batch.cache.WSLoader$1.load(WSLoader.java:58)
        at org.sonar.batch.cache.WSLoader.loadFromServer(WSLoader.java:225)
        at org.sonar.batch.cache.WSLoader.loadFromServerFirst(WSLoader.java:188)
        ... 97 more
    Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
        at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949)
        at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
        at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)
        at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1509)
        at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
        at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)
        at sun.security.ssl.Handshaker.process_record(Handshaker.java:914)
        at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062)
        at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
        at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
        at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
        at com.squareup.okhttp.Connection.connectTls(Connection.java:239)
        at com.squareup.okhttp.Connection.connectSocket(Connection.java:201)
        at com.squareup.okhttp.Connection.connect(Connection.java:172)
        at com.squareup.okhttp.Connection.connectAndSetOwner(Connection.java:358)
        at com.squareup.okhttp.OkHttpClient$1.connectAndSetOwner(OkHttpClient.java:117)
        at com.squareup.okhttp.internal.http.HttpEngine.connect(HttpEngine.java:329)
        at com.squareup.okhttp.internal.http.HttpEngine.sendRequest(HttpEngine.java:246)
        at com.squareup.okhttp.Call.getResponse(Call.java:276)
        at com.squareup.okhttp.Call$ApplicationInterceptorChain.proceed(Call.java:234)
        at com.squareup.okhttp.Call.getResponseWithInterceptorChain(Call.java:196)
        at com.squareup.okhttp.Call.execute(Call.java:79)
        at org.sonarqube.ws.client.HttpConnector.doCall(HttpConnector.java:199)
        ... 104 more
    Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387)
        at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)
        at sun.security.validator.Validator.validate(Validator.java:260)
        at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
        at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
        at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
        at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1491)
        ... 123 more
    Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:146)
        at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:131)
        at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
        at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382)
        ... 129 more

有谁知道我做错了什么?

【问题讨论】:

【参考方案1】:

您的 Jenkins 无法与 SonarQube 服务器进行 SSL 握手。您需要:

通过 HTTP 协议连接到 SonarQube 服务器

将 SonarQube 证书安装到 Jenkins Java 中(请参阅 How to import a .cer certificate into a java keystore)

【讨论】:

或者反过来在声纳机器上使用合法的 SSL 证书。就个人而言,我会使用 HTTP 协议。如果安全是一个问题,那么在声纳服务器上设置防火墙只接受来自 jenkins 服务器的 http 请求。 本教程对我帮助很大:support.cloudbees.com/hc/en-us/articles/…

以上是关于Jenkins 无法使用带有自签名证书的 HTTPS (HTTP + SSL) 连接到 SonarQube 服务器的主要内容,如果未能解决你的问题,请参考以下文章

MacOS Jenkins:查找JRE并导入自签名证书

带有自签名证书的 Amazon Beanstalk Web 服务器?

在 aws 弹性负载均衡器上无法让 https 使用自签名证书

无法删除自签名证书以在 Virtualmin 上使用我自己的证书

如何使用 OpenSSL 生成带有 SubjectAltName 的自签名证书? [关闭]

(错误)Elasticloadbalancer无法找到带有arn cloudformation的ACM证书