大佬教程收集整理的这篇文章主要介绍了升级 jenkins/jenkins:2.263.4-lts 导致 ssl 问题,大佬教程大佬觉得挺不错的,现在分享给大家,也给大家做个参考。
将我们的 jenkins 映像升级到 jenkins/jenkins:2.263.4-lts 后,由于 ssl 问题,我们的作业代码未与 github 企业同步。
https://www.jenkins.io/doc/upgrade-guide/2.263/#upgrading-to-jenkins-lts-2-263-4
标记为 jenkins/jenkins:2.263.4-lts、jenkins/jenkins:2.263.4 和 jenkins/jenkins:lts 的 jenkins 2.263.4 Docker 镜像使用 AdaPTOPenJDK 8u282 版本,而不是使用以前版本的 OpenJDK 8u242 版本.这些镜像也使用 Debian 10(“Buster”)而不是之前镜像中使用的 Debian 9(“Stretch”)版本
我可以看到此更新和 Java 的基本映像操作系统版本也发生了变化。 所以如果我降级图像它工作正常。一些问题是证书。知道为什么会出现这个问题吗?
sun.security.provIDer.certpath.SunCertPathBuilderException: unable to find valID certification path to requested target
at sun.security.provIDer.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
at sun.security.provIDer.certpath.SunCertPathBuilder.ENGIneBuild(SunCertPathBuilder.java:126)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
at sun.security.valIDator.PKIXValIDator.dobuild(PKIXValIDator.java:451)
Caused: sun.security.valIDator.ValIDatorException: PKIX path building Failed
at sun.security.valIDator.PKIXValIDator.dobuild(PKIXValIDator.java:456)
at sun.security.valIDator.PKIXValIDator.ENGIneValIDate(PKIXValIDator.java:323)
at sun.security.valIDator.ValIDator.valIDate(ValIDator.java:271)
at sun.security.ssl.x509trustmanagerImpl.valIDate(x509trustmanagerImpl.java:315)
at sun.security.ssl.x509trustmanagerImpl.checkTrusted(x509trustmanagerImpl.java:223)
at sun.security.ssl.x509trustmanagerImpl.checkServerTrusted(x509trustmanagerImpl.java:129)
at sun.security.ssl.Certificatemessage$T12CertificateConsumer.checkServerCerts(Certificatemessage.java:638)
Caused: javax.net.ssl.SSLHandshakeException: PKIX path building Failed: sun.security.provIDer.certpath.SunCertPathBuilderException: unable to find valID certification path to requested target
at sun.security.ssl.Alert.createSSLException(Alert.java:131)
at sun.security.ssl.TransportContext.fatal(TransportContext.java:324)
at sun.security.ssl.TransportContext.fatal(TransportContext.java:267)
at sun.security.ssl.TransportContext.fatal(TransportContext.java:262)
at sun.security.ssl.Certificatemessage$T12CertificateConsumer.checkServerCerts(Certificatemessage.java:654)
at sun.security.ssl.Certificatemessage$T12CertificateConsumer.onCertificate(Certificatemessage.java:473)
at sun.security.ssl.Certificatemessage$T12CertificateConsumer.consume(Certificatemessage.java:369)
at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:377)
at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:444)
at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:422)
at sun.security.ssl.TransportContext.dispatch(TransportContext.java:182)
at sun.security.ssl.SSLTransport.decode(SSLTransport.java:149)
at sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1143)
at sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1054)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:394)
at okhttp3.internal.connection.RealConnection.connectTls(RealConnection.java:336)
at okhttp3.internal.connection.RealConnection.establishProtocol(RealConnection.java:300)
at okhttp3.internal.connection.RealConnection.connect(RealConnection.java:185)
at okhttp3.internal.connection.ExchangeFinder.findConnection(ExchangeFinder.java:224)
at okhttp3.internal.connection.ExchangeFinder.findHealthyConnection(ExchangeFinder.java:108)
at okhttp3.internal.connection.ExchangeFinder.find(ExchangeFinder.java:88)
at okhttp3.internal.connection.Transmitter.newExchange(Transmitter.java:169)
at okhttp3.internal.connection.ConnecTinterceptor.intercept(ConnecTinterceptor.java:41)
at okhttp3.internal.http.RealinterceptorChain.proceed(RealinterceptorChain.java:142)
at okhttp3.internal.http.RealinterceptorChain.proceed(RealinterceptorChain.java:117)
at okhttp3.internal.cache.CacheInterceptor.intercept(CacheInterceptor.java:94)
at okhttp3.internal.http.RealinterceptorChain.proceed(RealinterceptorChain.java:142)
at okhttp3.internal.http.RealinterceptorChain.proceed(RealinterceptorChain.java:117)
at okhttp3.internal.http.brIDgeInterceptor.intercept(BrIDgeInterceptor.java:93)
at okhttp3.internal.http.RealinterceptorChain.proceed(RealinterceptorChain.java:142)
at okhttp3.internal.http.RetryAndFollowUpInterceptor.intercept(RetryAndFollowUpInterceptor.java:88)
at okhttp3.internal.http.RealinterceptorChain.proceed(RealinterceptorChain.java:142)
at okhttp3.internal.http.RealinterceptorChain.proceed(RealinterceptorChain.java:117)
at org.kohsuke.github.extras.okhttp3.obsoleteUrlFactory$UnexpectedException.lambda$static$0(ObsoleteUrlFactory.java:1363)
at okhttp3.internal.http.RealinterceptorChain.proceed(RealinterceptorChain.java:142)
at okhttp3.internal.http.RealinterceptorChain.proceed(RealinterceptorChain.java:117)
at okhttp3.RealCall.getResponseWithInterceptorChain(RealCall.java:229)
at okhttp3.RealCall.execute(RealCall.java:81)
at org.kohsuke.github.extras.okhttp3.obsoleteUrlFactory$OkhttpURLConnection.getResponse(ObsoleteUrlFactory.java:669)
at org.kohsuke.github.extras.okhttp3.obsoleteUrlFactory$OkhttpURLConnection.getResponseCode(ObsoleteUrlFactory.java:700)
at org.kohsuke.github.extras.okhttp3.obsoleteUrlFactory$DelegaTinghttpsURLConnection.getResponseCode(ObsoleteUrlFactory.java:1062)
at org.kohsuke.github.GitHubhttpUrlConnectionClIEnt.getResponseInfo(GitHubhttpUrlConnectionClIEnt.java:64)
at org.kohsuke.github.GitHubClIEnt.sendrequest(GitHubClIEnt.java:394)
Caused: org.kohsuke.github.httpException: Server returned http response code: -1,message: 'null' for URL: https://xxxxxx/API/v3/rate_limit
at org.kohsuke.github.GitHubClIEnt.interpretAPIError(GitHubClIEnt.java:494)
at org.kohsuke.github.GitHubClIEnt.sendrequest(GitHubClIEnt.java:414)
at org.kohsuke.github.GitHubClIEnt.getRatelimit(GitHubClIEnt.java:232)
at org.kohsuke.github.GitHubClIEnt.ratelimit(GitHubClIEnt.java:283)
at org.kohsuke.github.GitHubRatelimitchecker.checkRatelimit(GitHubRatelimitchecker.java:122)
at org.kohsuke.github.GitHubClIEnt.sendrequest(GitHubClIEnt.java:392)
at org.kohsuke.github.GitHubClIEnt.fetch(GitHubClIEnt.java:129)
at org.kohsuke.github.GitHubClIEnt.checkAPIUrlValIDity(GitHubClIEnt.java:325)
at org.kohsuke.github.GitHub.checkAPIUrlValIDity(GitHub.java:1195)
at org.jenkinsci.plugins.github_branch_source.Connector$GitHubConnection.verifyConnection(Connector.java:678)
Caused: java.io.IOException: It seems https://xxxxxxxx/API/v3 is unreachable
at org.jenkinsci.plugins.github_branch_source.Connector$GitHubConnection.verifyConnection(Connector.java:681)
at org.jenkinsci.plugins.github_branch_source.Connector$GitHubConnection.connect(Connector.java:635)
at org.jenkinsci.plugins.github_branch_source.Connector$GitHubConnection.access$200(Connector.java:589)
at org.jenkinsci.plugins.github_branch_source.Connector.connect(Connector.java:361)
at org.jenkinsci.plugins.github_branch_source.GitHubSCMsource.retrIEve(GitHubSCMsource.java:1582)
at jenkins.scm.API.SCMsource.fetch(SCMsource.java:582)
at org.jenkinsci.plugins.workflow.multibranch.SCMBinder.create(SCMBinder.java:98)
at org.jenkinsci.plugins.workflow.job.WorkflowRun.run(WorkflowRun.java:309)
at hudson.model.resourceController.execute(resourceController.java:97)
at hudson.model.Executor.run(Executor.java:429)
Finished: FAILURE
我在这里看到了一个链接。
https://github.com/jitsi/jitsi-meet/issues/8243
我的 dockerfile 是
FROM jenkins/jenkins:2.263.4-lts
ENV GIT_MKVER_VERSION=1.2.0
ENV GIT_CHGLOG_VERSION=0.10.0
# Install packages
USER root
RUN apt-get update && apt-get install python-pip createrepo jq file zip -y && apt-get clean \
&& pip install awscli yamllint cerberus ruamel.yaml \
&& curl -SL https://github.com/IDc101/git-mkver/releases/download/v${GIT_MKVER_VERSION}/git-mkver-linux-amd64-${GIT_MKVER_VERSION}.tar.gz > git-mkver.tar.gz \
&& tar xzvf git-mkver.tar.gz -C /usr/bin/ \
&& chmod +x /usr/bin/git-mkver \
&& rm -rf git-mkver.tar.gz \
&& curl -SL https://github.com/git-chglog/git-chglog/releases/download/${GIT_CHGLOG_VERSION}/git-chglog_linux_amd64 > /usr/bin/git-chglog \
&& chmod +x /usr/bin/git-chglog
# Install xxxx CA certificates
copY *.crt /usr/local/share/ca-certificates/
RUN chmod 644 /usr/local/share/ca-certificates/xxxx_corp_*.crt && \
update-ca-certificates
USER jenkins
暂时使用答案作为评论,因为我需要格式化
尝试在您的 dockerfile 中采用下面提到的 RUN 语句
RUN apt install -y ca-certificates && rm -rf /var/cache/apk/* && \
find /usr/share/ca-certificates/mozilla/ -name "*.crt" -exec keytool -import -trustcacerts \
-keystore /usr/lib/jvm/java-1.8-openjdk/jre/lib/security/cacerts -storepass changeit -noprompt \
-file {} -alias {} \; && \
keytool -list -keystore /usr/lib/jvm/java-1.8-openjdk/jre/lib/security/cacerts --storepass changeit
Dockerfile 中的路径需要相应地更改
,詹金斯解决的问题:
https://github.com/jenkins-infra/jenkins.io/pull/4168
解决办法:
https://github.com/jitsi/jitsi-meet/issues/8243#issuecomment-744181944
FROM jenkins/jenkins:2.263.4-lts
ENV GIT_MKVER_VERSION=1.2.0
ENV GIT_CHGLOG_VERSION=0.10.0
# Install packages
USER root
RUN apt-get update && apt-get install python-pip createrepo jq file zip -y && apt-get clean \
&& pip install awscli yamllint cerberus ruamel.yaml \
&& curl -SL https://github.com/idc101/git-mkver/releases/download/v${GIT_MKVER_VERSION}/git-mkver-linux-amd64-${GIT_MKVER_VERSION}.tar.gz > git-mkver.tar.gz \
&& tar xzvf git-mkver.tar.gz -C /usr/bin/ \
&& chmod +x /usr/bin/git-mkver \
&& rm -rf git-mkver.tar.gz \
&& curl -SL https://github.com/git-chglog/git-chglog/releases/download/${GIT_CHGLOG_VERSION}/git-chglog_linux_amd64 > /usr/bin/git-chglog \
&& chmod +x /usr/bin/git-chglog
# Install xxxx CA certificates
COPY *.crt /usr/local/share/ca-certificates/
RUN for file in /usr/local/share/ca-certificates/*.crt; do /opt/java/openjdk/bin/keytool -import -v -trustcacerts -noprompt -alias $(basename $file .crt) -file $file -keystore /opt/java/openjdk/jre/lib/security/cacerts -keypass changeit -storepass changeit; done
RUN chmod 644 /usr/local/share/ca-certificates/xxxx_corp_*.crt && \
update-ca-certificates
USER jenkins
以上是大佬教程为你收集整理的升级 jenkins/jenkins:2.263.4-lts 导致 ssl 问题全部内容,希望文章能够帮你解决升级 jenkins/jenkins:2.263.4-lts 导致 ssl 问题所遇到的程序开发问题。
如果觉得大佬教程网站内容还不错,欢迎将大佬教程推荐给程序员好友。
本图文内容来源于网友网络收集整理提供,作为学习参考使用,版权属于原作者。
如您有任何意见或建议可联系处理。小编QQ:384754419,请注明来意。