Our gitlab runs on an EC2 instance. It is well known that AWS changes (from time to time) the public IPs allocated to LBs that are in front of EC2 instances.
The problem here is that sonarqube seems to rely on a previously cached IP (which no longer points to the LB in front of Gitlab) and therefore is not able to validate the hostname (mismatch between hostname and certificate). Can either DNS caching be disabled (work-around) or, better yet (feature request/fix), upon not being able to verify the host/certificate, could sonar flush its DNS cache and do a lookup of the passed hostname towards public DNS?
hostname, certificate and CN => redacted! Though (and as expected), there is no match due to the public IP re-allocation that AWS does from time to time.
The DNS record for our gitlab has a TTL of only 60 seconds. Therefore, even after AWS changed the public IP of the LB (in front of our gitlab), sonar should eventually have done a lookup, though apparently that did not happen. The below was experienced quite a few times within a 2-3 hour window…
2020.09.04 00:17:04 ERROR ce[AXRWeUnd5GAGCf4MOaRp][c.s.C.D.D.B] An exception was thrown during Merge Request decoration : Hostname gitlab.cdls.infrastructure.test.com not verified:
2020.09.04 00:35:08 ERROR ce[AXRWic3r5GAGCf4MOaRt][c.s.C.D.D.B] An exception was thrown during Merge Request decoration : Hostname gitlab.cdls.infrastructure.test.com not verified:
2020.09.04 00:50:08 ERROR ce[AXRWl4qJ5GAGCf4MOaRw][c.s.C.D.D.B] An exception was thrown during Merge Request decoration : Hostname gitlab.cdls.infrastructure.test.com not verified:
2020.09.04 01:06:33 ERROR ce[AXRWppmP5GAGCf4MOaR1][c.s.C.D.D.B] An exception was thrown during Merge Request decoration : Hostname gitlab.cdls.infrastructure.test.com not verified:
2020.09.04 01:38:24 ERROR ce[AXRWw7wf5GAGCf4MOaR4][c.s.C.D.D.B] An exception was thrown during Merge Request decoration : Hostname gitlab.cdls.infrastructure.test.com not verified:
2020.09.04 02:06:40 ERROR ce[AXRW3aB05GAGCf4MOaSp][c.s.C.D.D.B] An exception was thrown during Merge Request decoration : Hostname gitlab.cdls.infrastructure.test.com not verified:
It seems that the Sonar process/libraries/container/VM host isn’t treating TTL properly. In this case, the DNS TTL for the gitlab record is only 60 seconds.
Yes indeed, setting this property could help in your case. Although keep in mind that setting it in the java directory means every application on that server will have this setting set.
Hi @jacek.poreda, thank you! In our case it should be fine (container/pod running on k8s). The question here is: would it not be better to have that java property set directly on the provided image for community, developer edition and so on? As of now (the property does not exist), DNS TTL == forever. We are looking into the upstream repo that we use (to manage sonar/developer edition) to find a way to set the property for now, though I still believe that perhaps the image should already have that set. Thoughts?
Also, it seems to be a bug - sorry that I did not notice the below before - the properties have already been set (I did not have to do it), therefore this is not working as it should. If you scroll up, you will see that within a 2 hour time window, sonar was still using its cached values.
Here is the printout showing sonar already sets the suggested property:
Here is where it does not work as it should:
2020.09.04 00:17:04 ERROR ce[AXRWeUnd5GAGCf4MOaRp][c.s.C.D.D.B] An exception was thrown during Merge Request decoration : Hostname gitlab.cdls.infrastructure.test.com not verified:
2020.09.04 00:35:08 ERROR ce[AXRWic3r5GAGCf4MOaRt][c.s.C.D.D.B] An exception was thrown during Merge Request decoration : Hostname gitlab.cdls.infrastructure.test.com not verified:
2020.09.04 00:50:08 ERROR ce[AXRWl4qJ5GAGCf4MOaRw][c.s.C.D.D.B] An exception was thrown during Merge Request decoration : Hostname gitlab.cdls.infrastructure.test.com not verified:
2020.09.04 01:06:33 ERROR ce[AXRWppmP5GAGCf4MOaR1][c.s.C.D.D.B] An exception was thrown during Merge Request decoration : Hostname gitlab.cdls.infrastructure.test.com not verified:
2020.09.04 01:38:24 ERROR ce[AXRWw7wf5GAGCf4MOaR4][c.s.C.D.D.B] An exception was thrown during Merge Request decoration : Hostname gitlab.cdls.infrastructure.test.com not verified:
2020.09.04 02:06:40 ERROR ce[AXRW3aB05GAGCf4MOaSp][c.s.C.D.D.B] An exception was thrown during Merge Request decoration : Hostname gitlab.cdls.infrastructure.test.com not verified:
Please advise on how to address this DNS TTL which, though set, does not seem to be working. Thanks
We use terraform/helm (provider) to manage it. We were able to add JVM_OPTS to the .tpl and pass the property. Will monitor to ensure that next time the public IP changes, sonar can properly handle that. (Still think this property should be set in the image though.) Cheers /Pedro
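A check for the situation described in this thread (the property "is set" yet the old address keeps being used), added here as an example and not part of the thread or of SonarQube: it works out the positive DNS cache TTL a JVM will actually use, following OpenJDK's precedence, where the security property `networkaddress.cache.ttl` (from `java.security`) wins over the system property `-Dsun.net.inetaddr.ttl` passed in the JVM options, and where neither is set the JVM falls back to 30 seconds when no SecurityManager is installed (with a SecurityManager and no property, entries are cached forever). The sample `java.security` contents and JVM_OPTS strings below are constructed; note that a line that is still commented out (`#networkaddress.cache.ttl=-1`, as shipped with the JDK) does not count as set.

```shell
#!/bin/sh
# Added example (not from the thread). Resolve the JVM's positive DNS cache TTL
# from (1) the java.security contents and (2) the JVM options string.
# Precedence mirrors OpenJDK's InetAddressCachePolicy: security property first,
# then the sun.net.inetaddr.ttl system property, then the no-SecurityManager
# default of 30 seconds (assumption: a stock OpenJDK/Oracle JDK).
# $1 = contents of java.security, $2 = JVM options (e.g. the JVM_OPTS value).
jvm_positive_dns_ttl() {
    secprops=$1
    jvmopts=$2
    # Only uncommented assignments count; the last one wins, as in java.util.Properties.
    sec=$(printf '%s\n' "$secprops" \
        | sed -n 's/^[[:space:]]*networkaddress\.cache\.ttl[[:space:]]*=[[:space:]]*\(-\{0,1\}[0-9]\{1,\}\).*/\1/p' \
        | tail -n 1)
    if [ -n "$sec" ]; then
        echo "$sec"
        return 0
    fi
    # Fallback: -Dsun.net.inetaddr.ttl=N anywhere in the option string.
    sys=$(printf '%s\n' "$jvmopts" | tr ' ' '\n' \
        | sed -n 's/^-Dsun\.net\.inetaddr\.ttl=\(-\{0,1\}[0-9]\{1,\}\)$/\1/p' \
        | tail -n 1)
    if [ -n "$sys" ]; then
        echo "$sys"
        return 0
    fi
    echo 30
}

# Human-readable meaning of a TTL value: negative = forever, 0 = no caching.
describe_dns_ttl() {
    ttl=$(jvm_positive_dns_ttl "$1" "$2")
    case "$ttl" in
        -*) echo "cached forever ($ttl)" ;;
        0)  echo "not cached (0)" ;;
        *)  echo "cached for ${ttl}s" ;;
    esac
}

# Constructed sample: property present only as the shipped comment, so the
# JVM_OPTS fallback decides.
SAMPLE_SECURITY='#networkaddress.cache.ttl=-1
networkaddress.cache.negative.ttl=10'
SAMPLE_OPTS='-Xmx2g -Dsun.net.inetaddr.ttl=60'
describe_dns_ttl "$SAMPLE_SECURITY" "$SAMPLE_OPTS"   # cached for 60s
```

Run it against the container's real `java.security` (`$JAVA_HOME/conf/security/java.security` on JDK 9+) and the JVM_OPTS the pod actually receives; a result of "cached forever" or a TTL far above the DNS record's 60 seconds explains the stale-IP behaviour above.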