4

环境细节

SonarQube – Version - 6.7.6(LTS)
OS – CentOS – 7.6
Protocol- Https
Certificate: SSL – Self Signed.
Jenkins: 2.164.1
Sonar Scanner Version - 3.3.0.1492
Nginx configured for reverse proxy.

在我的 Sonarqube 服务器上,我使用以下命令创建了自签名证书。

openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /root/ssl-key/ sonarqube.key -out /root/ssl-key/sonarqube.crt

来自 Jenkins,同时分析代码低于错误

11:30:33.957 ERROR: SonarQube server [https://sonarqube/sonar] can not be reached
11:30:33.958 INFO: ------------------------------------------------------------------------
11:30:33.958 INFO: EXECUTION FAILURE
11:30:33.958 INFO: ------------------------------------------------------------------------
11:30:33.959 INFO: Total time: 0.487s
11:30:33.987 INFO: Final Memory: 4M/121M
11:30:33.987 INFO: ------------------------------------------------------------------------
11:30:33.988 ERROR: Error during SonarQube Scanner execution
org.sonarsource.scanner.api.internal.ScannerException: Unable to execute SonarQube
        at org.sonarsource.scanner.api.internal.IsolatedLauncherFactory$1.run(IsolatedLauncherFactory.java:84)
        at org.sonarsource.scanner.api.internal.IsolatedLauncherFactory$1.run(IsolatedLauncherFactory.java:71)
        at java.security.AccessController.doPrivileged(Native Method)
        at org.sonarsource.scanner.api.internal.IsolatedLauncherFactory.createLauncher(IsolatedLauncherFactory.java:71)
        at org.sonarsource.scanner.api.internal.IsolatedLauncherFactory.createLauncher(IsolatedLauncherFactory.java:67)
        at org.sonarsource.scanner.api.EmbeddedScanner.doStart(EmbeddedScanner.java:218)
        at org.sonarsource.scanner.api.EmbeddedScanner.start(EmbeddedScanner.java:156)
        at org.sonarsource.scanner.cli.Main.execute(Main.java:74)
        at org.sonarsource.scanner.cli.Main.main(Main.java:61)
Caused by: java.lang.IllegalStateException: Fail to get bootstrap index from server
        at org.sonarsource.scanner.api.internal.Jars.getBootstrapIndex(Jars.java:100)
        at org.sonarsource.scanner.api.internal.Jars.getScannerEngineFiles(Jars.java:76)
        at org.sonarsource.scanner.api.internal.Jars.download(Jars.java:70)
        at org.sonarsource.scanner.api.internal.JarDownloader.download(JarDownloader.java:39)
        at org.sonarsource.scanner.api.internal.IsolatedLauncherFactory$1.run(IsolatedLauncherFactory.java:75)
        ... 8 more
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

我的 sonarqube 服务器中有以下两个文件sonarqube.key and sonarqube.crt

4

1 回答 1

4

由于 Jenkins 在 Java 上运行,因此您需要让 Java 信任您的自签名证书。为此,您可以使用 Java 的keytool命令将证书(不是密钥)从 Sonarqube 服务器导入 Java 的cacerts信任库:

keytool -import -trustcacerts -keystore $JAVA_HOME/jre/lib/security/cacerts -storepass changeit -alias SonarQube -import -file sonarqube.crt

或者,如果您对 Jenkins 主机具有基于 GUI 的访问权限,则可以使用诸如Portecle之类的工具来执行导入。

于 2019-04-15T07:36:41.857 回答