Pipeline 紅過夜的一次記錄
2019年03月18日周一晚上提交代碼摊崭,pipeline 掛了坪圾。
error image.png
根據(jù)圖上的信息晓折,我們知道了Dockerfile中設(shè)置的apk add --no-cache 'openjdk8-jre=8.191.12-r0' 沒有找到安裝包惑朦,提示說可以使用openjdk8-jre-8.201.08-r0[openjdk8-jre] 這個版本。相應(yīng)的也需要將上一步中ENV JAVA_VERSION 8u191設(shè)置為對應(yīng)的版本漓概。
使用提示信息中的版本.png
此時漾月,按照提示更改后,成功的build image胃珍。
但是梁肿,在第二個運行測試的Job中,pipeline又掛了觅彰。
Dockerfile中的java環(huán)境就是為SonarQube設(shè)置的吩蔑,現(xiàn)在發(fā)現(xiàn)Sonar不能正常運行,腦子里想到了一些問題:
- Sonar需要的Java版本必須是固定的填抬?
- 為什么下載不到之前設(shè)置的8u191 openjdk 版本烛芬?
- 如何讓pipeline正常運行通過?
sonar-scanner 運行失敗.png
Dockerfile 信息
因為項目的原因痴奏,使用的是node-alpine為基礎(chǔ)鏡像蛀骇,然后安裝了SonarQube進行代碼分析厌秒。
安裝docker-sonar-scanner Dockerfile的參考github repo newtmitch/docker-sonar-scanner
FROM node:8.12.0-alpine
WORKDIR /app
RUN cd /app \
&& apk update \
&& apk add --no-cache curl unzip
# Porperty for JDK
# Default to UTF-8 file.encoding
ENV LANG C.UTF-8
RUN { \
echo '#!/bin/sh'; \
echo 'set -e'; \
echo; \
echo 'dirname "$(dirname "$(readlink -f "$(which javac || which java)")")"'; \
} > /usr/local/bin/docker-java-home \
&& chmod +x /usr/local/bin/docker-java-home
ENV JAVA_HOME /usr/lib/jvm/java-1.8-openjdk/jre
ENV PATH $PATH:/usr/lib/jvm/java-1.8-openjdk/jre/bin:/usr/lib/jvm/java-1.8-openjdk/bin
ENV JAVA_VERSION 8u201
RUN set -x \
&& apk add --no-cache openjdk8-jre=8.201.08-r0 \
&& [ "$JAVA_HOME" = "$(docker-java-home)" ]
# Install sonar-scanner
RUN curl --insecure -o ./sonarscanner.zip -L https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-3.0.3.778-linux.zip && \
unzip sonarscanner.zip && \
rm sonarscanner.zip && \
mv sonar-scanner-3.0.3.778-linux sonar-scanner
ENV SONAR_RUNNER_HOME=/app/sonar-scanner
ENV PATH $PATH:/app/sonar-scanner/bin
COPY ./sonar-project.properties /app/sonar-scanner/conf/sonar-scanner.properties
# ensure Sonar uses the provided Java for musl instead of a borked glibc one
RUN sed -i 's/use_embedded_jre=true/use_embedded_jre=false/g' /app/sonar-scanner/bin/sonar-scanner
解決問題的過程
openjdk8-jre版本問題分析
對于沒有玩過linux的我读拆,用apk 安裝的包是從哪里找到的,需要搞清楚鸵闪。
image.png
由這個圖直觀的看到:
第一個網(wǎng)站是
openjdk8-jre檐晕,顯示是5天前進行了更新,已經(jīng)是8.201.08-r0版本了蚌讼,第二個網(wǎng)站是
openjdk-jre-base辟灰,看上去是還有8.191.12-r0 版本,但是點擊進去也是8.201.08-r0版本了篡石。
image.png
在Alpine Linux Package 里面搜索
openjdk8-jre,發(fā)現(xiàn)在2019年03月14日更新為8.201.08-r0版本芥喇,而且找不到舊版本8.191.12-r0了。所以build image的時候 pipeline在安裝舊版本的openjdk8-jre的時候掛了凰萨。
image.png
Sonar-scanner 運行失敗問題分析
根據(jù)詳細的Error信息继控,可以知道是
java.lang.ExceptionInInitializerError
Caused by: java.security.ProviderException: Could not initialize NSS
Caused by: java.io.FileNotFoundException: /usr/lib/libnss3.so
看到這個錯誤信息一臉懵逼,也不知道是為什么胖眷,最后在github上找到了一個類似的issue武通,是關(guān)于docker openjdk的,issue 創(chuàng)建時間是3天前珊搀,大概是2019年03月17日docker-library / openjdk / issue - Missing libnss3.so after updating openjdk:8-jdk-alpine image
image.png
issue的評論中冶忱,有人說自己手動在dockerfile中install nss可以覺得這個問題,嘗試了一下境析,也解決了我所面臨的問題囚枪,sonar-scanner可以正常運行了派诬。
RUN apk add --no-cache nss
有人直接po出了上游問題,是在Alpine Linux中提出的眶拉。
Looks like someone filed a bug upstream about this https://bugs.alpinelinux.org/issues/10126
思考
早上和TL說在整理這篇文章千埃,TL說這個不是正確的解決方式,因為如果openjdk8-jre的版本又突然間本改變呢忆植?我們又會重復(fù)面臨這個問題放可。從長遠角度考慮,應(yīng)該是要選擇長期穩(wěn)定的jdk版本才是解決之道朝刊。
附上詳細的Error信息:
ERROR: Error during SonarQube Scanner execution
java.lang.ExceptionInInitializerError
at sun.security.ssl.SSLSessionImpl.<init>(SSLSessionImpl.java:188)
at sun.security.ssl.SSLSessionImpl.<init>(SSLSessionImpl.java:152)
at sun.security.ssl.SSLSessionImpl.<clinit>(SSLSessionImpl.java:79)
at sun.security.ssl.SSLSocketImpl.init(SSLSocketImpl.java:598)
at sun.security.ssl.SSLSocketImpl.<init>(SSLSocketImpl.java:566)
at sun.security.ssl.SSLSocketFactoryImpl.createSocket(SSLSocketFactoryImpl.java:110)
at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.connection.RealConnection.connectTls(RealConnection.java:256)
at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.connection.RealConnection.establishProtocol(RealConnection.java:237)
at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.connection.RealConnection.connect(RealConnection.java:148)
at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.connection.StreamAllocation.findConnection(StreamAllocation.java:186)
at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.connection.StreamAllocation.findHealthyConnection(StreamAllocation.java:121)
at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.connection.StreamAllocation.newStream(StreamAllocation.java:100)
at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.connection.ConnectInterceptor.intercept(ConnectInterceptor.java:42)
at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:92)
at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:67)
at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.cache.CacheInterceptor.intercept(CacheInterceptor.java:93)
at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:92)
at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:67)
at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.http.BridgeInterceptor.intercept(BridgeInterceptor.java:93)
at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:92)
at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.http.RetryAndFollowUpInterceptor.intercept(RetryAndFollowUpInterceptor.java:120)
at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:92)
at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:67)
at org.sonarsource.scanner.api.internal.shaded.okhttp.RealCall.getResponseWithInterceptorChain(RealCall.java:179)
at org.sonarsource.scanner.api.internal.shaded.okhttp.RealCall.execute(RealCall.java:63)
at org.sonarsource.scanner.api.internal.ServerConnection.callUrl(ServerConnection.java:113)
at org.sonarsource.scanner.api.internal.ServerConnection.downloadString(ServerConnection.java:98)
at org.sonarsource.scanner.api.internal.Jars.getBootstrapIndex(Jars.java:96)
at org.sonarsource.scanner.api.internal.Jars.getScannerEngineFiles(Jars.java:76)
at org.sonarsource.scanner.api.internal.Jars.download(Jars.java:70)
at org.sonarsource.scanner.api.internal.JarDownloader.download(JarDownloader.java:39)
at org.sonarsource.scanner.api.internal.IsolatedLauncherFactory$1.run(IsolatedLauncherFactory.java:75)
at org.sonarsource.scanner.api.internal.IsolatedLauncherFactory$1.run(IsolatedLauncherFactory.java:71)
at java.security.AccessController.doPrivileged(Native Method)
at org.sonarsource.scanner.api.internal.IsolatedLauncherFactory.createLauncher(IsolatedLauncherFactory.java:71)
at org.sonarsource.scanner.api.internal.IsolatedLauncherFactory.createLauncher(IsolatedLauncherFactory.java:67)
at org.sonarsource.scanner.api.EmbeddedScanner.doStart(EmbeddedScanner.java:218)
at org.sonarsource.scanner.api.EmbeddedScanner.start(EmbeddedScanner.java:156)
at org.sonarsource.scanner.cli.Main.execute(Main.java:74)
at org.sonarsource.scanner.cli.Main.main(Main.java:61)
Caused by: java.security.ProviderException: Could not initialize NSS
at sun.security.pkcs11.SunPKCS11.<init>(SunPKCS11.java:223)
at sun.security.pkcs11.SunPKCS11.<init>(SunPKCS11.java:103)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.lang.reflect.Constructor.newInstance(Constructor.java:423)
at sun.security.jca.ProviderConfig$2.run(ProviderConfig.java:224)
at sun.security.jca.ProviderConfig$2.run(ProviderConfig.java:206)
at java.security.AccessController.doPrivileged(Native Method)
at sun.security.jca.ProviderConfig.doLoadProvider(ProviderConfig.java:206)
at sun.security.jca.ProviderConfig.getProvider(ProviderConfig.java:187)
at sun.security.jca.ProviderList.getProvider(ProviderList.java:233)
at sun.security.jca.ProviderList.getIndex(ProviderList.java:263)
at sun.security.jca.ProviderList.getProviderConfig(ProviderList.java:247)
at sun.security.jca.ProviderList.getProvider(ProviderList.java:253)
at java.security.Security.getProvider(Security.java:503)
at sun.security.ssl.SignatureAndHashAlgorithm.<clinit>(SignatureAndHashAlgorithm.java:415)
... 40 more
Caused by: java.io.FileNotFoundException: /usr/lib/libnss3.so
at sun.security.pkcs11.Secmod.initialize(Secmod.java:193)
at sun.security.pkcs11.SunPKCS11.<init>(SunPKCS11.java:218)
... 56 more
ERROR:
ERROR: Re-run SonarQube Scanner using the -X switch to enable full debug logging.
