After reading Managing the TLS certificates on the client side doc and trying to make sonarqube-cli work I’m facing a dead end right now. I know that running the following works just fine:
sonar-scanner \
-Dsonar.projectKey=project_name \
-Dsonar.sources=. \
-Dsonar.host.url=https://sonarqube.docker.localhost \
-Dsonar.login=MY_MEGA_SUPER_AMAZING_SECRET
And this one too:
docker run \
--rm \
--network=host \
--workdir "/usr/src/" \
--volume "${HOME}/.sonarqube/certs/:/opt/sonar-scanner/.sonar/ssl/" \
--volume "${PWD}:/usr/src" \
sonarsource/sonar-scanner-cli:11.3 \
-X \
-Dsonar.projectKey=project_name \
-Dsonar.scanner.truststorePassword="no_default_password" \
-Dsonar.sources=. \
-Dsonar.host.url=http://localhost:9000/ \
-Dsonar.login=MY_MEGA_SUPER_AMAZING_SECRET
But when I try to do the following, it breaks:
docker run \
--rm \
--network=host \
--workdir "/usr/src/" \
--volume "${HOME}/.sonarqube/certs/:/opt/sonar-scanner/.sonar/ssl/" \
--volume "${PWD}:/usr/src" \
sonarsource/sonar-scanner-cli:11.3 \
-X \
-Dsonar.projectKey=project_name \
-Dsonar.scanner.truststorePassword="no_default_password" \
-Dsonar.sources=. \
-Dsonar.host.url=https://sonarqube.docker.localhost/ \
-Dsonar.login=MY_MEGA_SUPER_AMAZING_SECRET
Giving me the following error:
00:45:55.179 INFO Scanner configuration file: /opt/sonar-scanner/conf/sonar-scanner.properties
00:45:55.182 INFO Project root configuration file: NONE
00:45:55.192 INFO SonarScanner CLI 7.1.0.4889
00:45:55.194 INFO Java 17.0.14 Amazon.com Inc. (64-bit)
00:45:55.194 INFO Linux 6.6.84-1-MANJARO amd64
00:45:55.199 DEBUG Scanner max available memory: 14 GB
00:45:55.216 DEBUG uname -m returned 'x86_64'
00:45:55.217 DEBUG Using scanner truststore: /opt/sonar-scanner/.sonar/ssl/truststore.p12
00:45:55.218 DEBUG Create: /opt/sonar-scanner/.sonar/cache
00:45:55.218 INFO User cache: /opt/sonar-scanner/.sonar/cache
00:45:55.218 DEBUG Create: /opt/sonar-scanner/.sonar/cache/_tmp
00:45:55.277 DEBUG Loading OS trusted SSL certificates...
00:45:55.277 DEBUG This operation might be slow or even get stuck. You can skip it by passing the scanner property 'sonar.scanner.skipSystemTruststore=true'
00:45:55.539 DEBUG Loaded [1029] system trusted certificates
00:45:55.698 DEBUG Loaded truststore from '/opt/sonar-scanner/.sonar/ssl/truststore.p12' containing 1 certificates
00:45:55.794 DEBUG --> GET https://sonarqube.docker.localhost/api/v2/analysis/version
00:45:55.893 DEBUG <-- 404 https://sonarqube.docker.localhost/api/v2/analysis/version (99ms, unknown-length body)
00:45:55.898 DEBUG --> GET https://sonarqube.docker.localhost/api/server/version
00:45:55.901 DEBUG <-- 200 https://sonarqube.docker.localhost/api/server/version (3ms, 12-byte body)
00:45:55.901 INFO Communicating with SonarQube Server 9.9.8.100196
00:45:55.902 DEBUG Extract sonar-scanner-java-library-batch in temp...
00:45:55.904 DEBUG Get bootstrap index...
00:45:55.904 DEBUG --> GET https://sonarqube.docker.localhost/batch/index
00:45:55.906 DEBUG <-- 200 https://sonarqube.docker.localhost/batch/index (2ms, 82-byte body)
00:45:55.906 DEBUG Get bootstrap completed
00:45:55.907 DEBUG Download https://sonarqube.docker.localhost/batch/file?name=sonar-scanner-engine-shaded-9.9.8.100196-all.jar to /opt/sonar-scanner/.sonar/cache/_tmp/fileCache11878006162368489439.tmp
00:45:55.908 DEBUG --> GET https://sonarqube.docker.localhost/batch/file?name=sonar-scanner-engine-shaded-9.9.8.100196-all.jar
00:45:55.910 DEBUG <-- 200 https://sonarqube.docker.localhost/batch/file?name=sonar-scanner-engine-shaded-9.9.8.100196-all.jar (2ms, unknown-length body)
00:45:56.247 DEBUG Create isolated classloader...
00:45:56.250 DEBUG Start temp cleaning...
00:45:56.251 DEBUG Temp cleaning done
00:45:56.253 DEBUG Work directory: /tmp/.scannerwork
00:45:56.254 DEBUG Execution execute
00:45:56.384 DEBUG Community 9.9.8.100196
00:45:56.524 INFO Load global settings
00:45:56.565 INFO EXECUTION FAILURE
00:45:56.565 INFO Total time: 1.388s
00:45:56.565 ERROR Error during SonarScanner CLI execution
org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'org.sonarsource.scanner.lib.internal.facade.inprocess.IsolatedClassloader@2f4854d6-org.sonar.scanner.bootstrap.ScannerPluginRepository': Unsatisfied dependency expressed through constructor parameter 0; nested exception is org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'org.sonarsource.scanner.lib.internal.facade.inprocess.IsolatedClassloader@2f4854d6-org.sonar.scanner.bootstrap.ScannerPluginInstaller': Unsatisfied dependency expressed through constructor parameter 0; nested exception is org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'org.sonarsource.scanner.lib.internal.facade.inprocess.IsolatedClassloader@2f4854d6-org.sonar.scanner.bootstrap.PluginFiles': Unsatisfied dependency expressed through constructor parameter 1; nested exception is org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'GlobalConfiguration' defined in org.sonar.scanner.bootstrap.GlobalConfigurationProvider: Unsatisfied dependency expressed through method 'provide' parameter 0; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'GlobalServerSettings' defined in org.sonar.scanner.bootstrap.GlobalServerSettingsProvider: Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [org.sonar.scanner.bootstrap.GlobalServerSettings]: Factory method 'provide' threw exception; nested exception is java.lang.IllegalStateException: Fail to request url: https://sonarqube.docker.localhost/api/settings/values.protobuf
...
My docker-compose.yml, which I made by following this tutorial, is the following:
version: "3"
services:
...
postgres:
image: postgres:13
environment:
- POSTGRES_USER=myusername
- POSTGRES_PASSWORD=myusername
- POSTGRES_DB=sonar
volumes:
- postgres:/var/lib/postgresql
- postgres_data:/var/lib/postgresql/data
networks:
- proxy
...
sonarqube:
image: sonarqube:lts-community
environment:
- SONAR_JDBC_URL=jdbc:postgresql://postgres:5432/sonar
- SONAR_JDBC_USERNAME=myusername
- SONAR_JDBC_PASSWORD=myusername
volumes:
- sonarqube_conf:/opt/sonarqube/conf
- sonarqube_data:/opt/sonarqube/data
- sonarqube_extensions:/opt/sonarqube/extensions
- sonarqube_logs:/opt/sonarqube/logs
- sonarqube_temp:/opt/sonarqube/temp
ports:
- 9000:9000
labels:
- traefik.enable=true
- traefik.http.routers.sonarqube.tls=true
- traefik.http.services.sonarqube.loadbalancer.server.port=9000
- traefik.http.routers.sonarqube.rule=Host(`sonarqube.docker.localhost`)
networks:
- proxy
reverse-proxy:
image: traefik:v2.3
security_opt:
- no-new-privileges:true
restart: on-failure
ports:
- 80:80
- 443:443
- 8080:8080
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
- ${HOME}/.certs:/etc/certs:ro
- ${HOME}/.traefik/traefik.yml:/etc/traefik/traefik.yml:ro
- ${HOME}/.traefik/config.yml:/etc/traefik/config.yml:ro
labels:
- traefik.enable=true
- traefik.http.routers.traefik=true
networks:
- proxy
volumes:
sonarqube_conf:
sonarqube_data:
sonarqube_extensions:
sonarqube_logs:
sonarqube_temp:
postgres:
postgres_data:
networks:
proxy:
external: true
So far I tried to:
- change the cli’s tags from docker hub and try to run it again, running the cli binary works
just fine with my my Traefik’s local DNS configuration. Just like the docker version point to localhost:9000 – which I published the port only to confirm that it’s a issue related to network and not something related to the cli itself - adding and removing password to my pkcs12 – which I followed the Sonar’s previously mentioned tutorial to configure
- adding and removing env vars, volumes, cli’s arguments
- etc
Right now I can access locally https://sonarqube.docker.localhost/ just fine and see my scan results using the localhost:9000 version with sonarsource/sonar-scanner-cli:11.3 and the binary cli version, so I don’t think that it’s something relatead to my local Docker defined network, but I do think that due to my lack of knowledge related to Sonarqube I’m missing some configuration step to make my desired scenario work.
Can anyone, please, shiny a light to guide me figure out this?