Connection timeout in azure build pipeline in docker container on self-hosted agent

We have a connection timeout issue with SonarCloud and our azure devops pipeline running in a docker container on a self-hosted agent in our corporate network. We have set the usual network proxy needed, but somehow connection still isn’t possible for the sonar cloud client. The Build log shows (more details in the attached build error log below):

ERROR Failed to query JRE metadata: Call to URL [https://api.sonarcloud.io/analysis/jres?os=linux&arch=x86_64] failed: HTTP connect timed out

This is the corresponding relevant part in the azure build pipeline:

  - task: SonarCloudPrepare@4
    inputs:
      SonarCloud: "SonarQube Cloud"
      organization: "myCorp"
      scannerMode: "CLI"
      configMode: "file"
      extraProperties: |
        sonar.cfamily.compile-commands=build_wrapper_output_directory/compile_commands.json
    env:
      https_proxy: 'http://myproxy.com:80'
      http_proxy: 'http://myproxy.com:80'

  - script: |
      cd $(Pipeline.Workspace)/$(project_folder)
      cmake --preset=Release
      build-wrapper-linux-x86-64 --out-dir build_wrapper_output_directory cmake --build ./Release
      mkdir -p '$(Build.ArtifactStagingDirectory)/Artifacts/Release'
      cp out/*.bin '$(Build.ArtifactStagingDirectory)/Artifacts/Release/'
      cp Release/SysBiosAppl/*.out '$(Build.ArtifactStagingDirectory)/Artifacts/Release/'
      exit $? 
    displayName: "Running Build CMake, wrapped by SonarQube"
    condition: always()

  - task: SonarCloudAnalyze@4
    displayName: 'SonarCloudAnalyze'
    inputs:
      jdkversion: 'JAVA_HOME'
      extraProperties: sonar.verbose=true
    env:
      https_proxy: 'http://myproxy.com:80'
      http_proxy: 'http://myproxy.com:80'

  - task: SonarCloudPublish@4
    displayName: 'SonarCloudPublish'
    inputs:
      pollingTimeoutSec: '500'
      extraProperties: sonar.verbose=true
    env:
      https_proxy: 'http://myproxy.com:80'
      http_proxy: 'http://myproxy.com:80'

Here’s the linux-based Dockerfile for the sonarcloud layer we put on top of the image to build our embedded gcc-based C code project using cmake:

FROM myproject.azurecr.io/docker-base-image-ccs:CCS12_V01.01.11
ARG user_name
ARG home_dir

COPY ./build-wrapper-linux-x86.zip .
RUN mkdir -p ${home_dir}/.sonar \
    && chmod 777 ${home_dir}/.sonar/
RUN unzip -o build-wrapper-linux-x86.zip -d ${home_dir}/.sonar/

ENV JAVA_HOME=/usr/lib/jvm/java-17-openjdk-amd64
ENV PATH=${home_dir}/.sonar/build-wrapper-linux-x86:${PATH}
ENV https_proxy=http://myproxy.com:80
ENV http_proxy=http://myproxy.com:80
ENV JAVA_TOOL_OPTIONS="\
  -Dhttp.proxyHost=myproxy.com \
  -Dhttp.proxyPort=80 \
  -Dhttps.proxyHost=myproxy.com \
  -Dhttps.proxyPort=80 \
  -Dhttp.nonProxyHosts=localhost|127.0.0.1 \
"

At the moment we feel that for some reason the proxy setting is not being picked up by the sonar client, because when I issue a curl command in an interactive bash shell inside the same container on the same agent, it works fine and I get a proper response:

curl -X ‘GET’ ‘https://api.sonarcloud.io/analysis/jres?os=linux&arch=x86_64’ -H ‘accept: application/json’

Anybody any ideas how to solve this?

sonarcloud-analyze-connection-timeout.log (2.6 KB)

Hi,

Welcome to the community and thanks for this report!

Are you still experiencing this?

 
Ann

yes, this is still a blocker for us! Would be nice if you could actually let us know how your sonarscanner http client should be picking up the proxy setting in a linux docker container, if not via the https_proxy and http_proxy envrionment variables…

Hi,

I can’t find the docs to back this up, but could you try setting those values not as envvars, but as analysis parameters?

 
Thx,
Ann

Solved. Seems the JAVA_TOOL_OPTIONS environment variable wasn’t set correctly before. Once this supplies the proxy settings above, the sonar scanner picks them up as can be seen in the log then:

Starting: SonarCloudAnalyze
==============================================================================
Task         : Run Code Analysis
Description  : Run scanner and upload the results to SonarQube Cloud.
Version      : 4.0.1
Author       : sonarsource
Help         : This task is not needed for Maven and Gradle projects since the scanner should be run as part of the build.

[More Information](https://docs.sonarcloud.io/advanced-setup/ci-based-analysis/sonarcloud-extension-for-azure-devops/)
==============================================================================
/__w/_tasks/SonarCloudAnalyze_ce096e50-6155-4de8-8800-4221aaeed4a1/4.0.1/sonar-scanner/bin/sonar-scanner
Picked up JAVA_TOOL_OPTIONS:   -Dhttp.proxyHost=myproxy.com   -Dhttp.proxyPort=80   -Dhttps.proxyHost=myproxy.com   -Dhttps.proxyPort=80   -Dhttp.nonProxyHosts=localhost|127.0.0.1 
15:50:22.490 INFO  Scanner configuration file: /__w/_tasks/SonarCloudAnalyze_ce096e50-6155-4de8-8800-4221aaeed4a1/4.0.1/sonar-scanner/conf/sonar-scanner.properties
15:50:22.495 INFO  Project root configuration file: NONE
15:50:22.509 INFO  SonarScanner CLI 8.0.1.6346
15:50:22.511 INFO  Linux 4.18.0-553.89.1.el8_10.x86_64 amd64
15:50:23.303 INFO  Communicating with SonarQube Cloud
15:50:23.304 INFO  JRE provisioning: os[linux], arch[x86_64]
15:50:26.804 ERROR [stderr] Picked up JAVA_TOOL_OPTIONS:   -Dhttp.proxyHost=myproxy.com   -Dhttp.proxyPort=80   -Dhttps.proxyHost=myproxy.com   -Dhttps.proxyPort=80   -Dhttp.nonProxyHosts=localhost|127.0.0.1 
15:50:28.236 ERROR [stderr] Picked up JAVA_TOOL_OPTIONS:   -Dhttp.proxyHost=myproxy.com   -Dhttp.proxyPort=80   -Dhttps.proxyHost=myproxy.com   -Dhttps.proxyPort=80   -Dhttp.nonProxyHosts=localhost|127.0.0.1 
15:50:28.516 INFO  Starting SonarScanner Engine...
15:50:28.516 INFO  Java 17.0.11 Eclipse Adoptium (64-bit)
15:50:29.480 INFO  Load global settings