SonarQube scan sometimes fails for some projects but not all projects

Must-share information (formatted with Markdown):

• which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension)
• what are you trying to achieve
• what have you tried so far to achieve this

Hi everyone,

We are using SonarQube (8.9 LTS) on OpenShift 4. However, a team of developers (not other teams)
sometimes gets the following error message. We have no clue how to fix this problem. We restarted SonarQube but this issue has happened. The ambiguous part is that it does not happen every time that the project is being built. It happens once now and maybe another time in next 5 days.

[2022-10-26T12:08:16.806Z] [INFO] 12:08:12.016 Load/download plugins (done) | time=123700ms
[2022-10-26T12:08:16.806Z] [INFO] e[1m------------------------------------------------------------------------e[m
[2022-10-26T12:08:16.806Z] [INFO] e[1mReactor Summary:e[m
[2022-10-26T12:08:16.806Z] [INFO] 
[2022-10-26T12:08:16.806Z] [INFO] user-preference .................................... e[1;31mFAILUREe[m [02:05 min]
[2022-10-26T12:08:16.806Z] [INFO] userpreference-api ............................. e[1;32mSUCCESSe[m [  1.644 s]
[2022-10-26T12:08:16.806Z] [INFO] e[1m------------------------------------------------------------------------e[m
[2022-10-26T12:08:16.806Z] [INFO] e[1;31mBUILD FAILUREe[m
[2022-10-26T12:08:16.806Z] [INFO] e[1m------------------------------------------------------------------------e[m
[2022-10-26T12:08:16.806Z] [INFO] Total time: 02:10 min
[2022-10-26T12:08:16.806Z] [INFO] Finished at: 2022-10-26T12:08:12Z
[2022-10-26T12:08:16.806Z] [INFO] Final Memory: 42M/150M
[2022-10-26T12:08:16.806Z] [INFO] e[1m------------------------------------------------------------------------e[m
22-10-26T12:08:16.806Z] [ERROR] Failed to execute goal e[32morg.sonarsource.scanner.maven:sonar-maven-plugin:3.7.0.1746:sonare[m e[1m(default-cli)e[m on project e[36muser-preferencee[m: e[1;31mFail to download plugin [java]. File /home/jenkins/.sonar/_tmp/fileCache10328685741810063388.tmp was expected to have checksum 83d77354b8e64b0eaa0b596388567b0f but had 8920d5f1516aaa0ee5f257e1e9bdd1cde[m -> e[1m[Help 1]e[m
[2022-10-26T12:08:16.806Z] org.apache.maven.lifecycle.LifecycleExecutionException: Failed to execute goal e[32morg.sonarsource.scanner.maven:sonar-maven-plugin:3.7.0.1746:sonare[m e[1m(default-cli)e[m on project e[36muser-preferencee[m: e[1;31mFail to download plugin [java]. File /home/jenkins/.sonar/_tmp/fileCache10328685741810063388.tmp was expected to have checksum 83d77354b8e64b0eaa0b596388567b0f but had 8920d5f1516aaa0ee5f257e1e9bdd1cde[m
[2022-10-26T12:08:16.806Z] 	at org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:213)
[2022-10-26T12:08:16.806Z] 	at org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:154)
[2022-10-26T12:08:16.806Z] 	at org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:146)
[2022-10-26T12:08:16.806Z] 	at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject(LifecycleModuleBuilder.java:117)
[2022-10-26T12:08:16.806Z] 	at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject(LifecycleModuleBuilder.java:81)
[2022-10-26T12:08:16.806Z] 	at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build(SingleThreadedBuilder.java:51)
[2022-10-26T12:08:16.806Z] 	at org.apache.maven.lifecycle.internal.LifecycleStarter.execute(LifecycleStarter.java:128)
[2022-10-26T12:08:16.806Z] 	at org.apache.maven.DefaultMaven.doExecute(DefaultMaven.java:309)
[2022-10-26T12:08:16.806Z] 	at org.apache.maven.DefaultMaven.doExecute(DefaultMaven.java:194)
[2022-10-26T12:08:16.806Z] 	at org.apache.maven.DefaultMaven.execute(DefaultMaven.java:107)
[2022-10-26T12:08:16.806Z] 	at org.apache.maven.cli.MavenCli.execute(MavenCli.java:993)
[2022-10-26T12:08:16.806Z] 	at org.apache.maven.cli.MavenCli.doMain(MavenCli.java:345)
[2022-10-26T12:08:16.806Z] 	at org.apache.maven.cli.MavenCli.main(MavenCli.java:191)
[2022-10-26T12:08:16.806Z] 	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
[2022-10-26T12:08:16.806Z] 	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
[2022-10-26T12:08:16.806Z] 	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
[2022-10-26T12:08:16.806Z] 	at java.base/java.lang.reflect.Method.invoke(Method.java:566)
[2022-10-26T12:08:16.806Z] 	at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced(Launcher.java:289)
[2022-10-26T12:08:16.806Z] 	at org.codehaus.plexus.classworlds.launcher.Launcher.launch(Launcher.java:229)
[2022-10-26T12:08:16.806Z] 	at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode(Launcher.java:415)
[2022-10-26T12:08:16.806Z] 	at org.codehaus.plexus.classworlds.launcher.Launcher.main(Launcher.java:356)
[2022-10-26T12:08:16.806Z] Caused by: org.apache.maven.plugin.MojoExecutionException: Fail to download plugin [java]. File /home/jenkins/.sonar/_tmp/fileCache10328685741810063388.tmp was expected to have checksum 83d77354b8e64b0eaa0b596388567b0f but had 8920d5f1516aaa0ee5f257e1e9bdd1cd
[2022-10-26T12:08:16.806Z] 	at org.sonarsource.scanner.maven.bootstrap.ScannerBootstrapper.execute(ScannerBootstrapper.java:67)
[2022-10-26T12:08:16.807Z] 	at org.sonarsource.scanner.maven.SonarQubeMojo.execute(SonarQubeMojo.java:104)
[2022-10-26T12:08:16.807Z] 	at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo(DefaultBuildPluginManager.java:134)
[2022-10-26T12:08:16.807Z] 	at org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:208)
[2022-10-26T12:08:16.807Z] 	... 20 more
[2022-10-26T12:08:16.807Z] Caused by: java.lang.IllegalStateException: Fail to download plugin [java]. File /home/jenkins/.sonar/_tmp/fileCache10328685741810063388.tmp was expected to have checksum 83d77354b8e64b0eaa0b596388567b0f but had 8920d5f1516aaa0ee5f257e1e9bdd1cd
[2022-10-26T12:08:16.807Z] 	at org.sonar.scanner.bootstrap.PluginFiles.download(PluginFiles.java:119)
[2022-10-26T12:08:16.807Z] 	at org.sonar.scanner.bootstrap.PluginFiles.get(PluginFiles.java:89)
[2022-10-26T12:08:16.807Z] 	at org.sonar.scanner.bootstrap.ScannerPluginInstaller.loadPlugins(ScannerPluginInstaller.java:77)
[2022-10-26T12:08:16.807Z] 	at org.sonar.scanner.bootstrap.ScannerPluginInstaller.installRemotes(ScannerPluginInstaller.java:60)
[2022-10-26T12:08:16.807Z] 	at org.sonar.scanner.bootstrap.ScannerPluginRepository.start(ScannerPluginRepository.java:62)
[2022-10-26T12:08:16.807Z] 	at org.sonar.core.platform.StartableCloseableSafeLifecyleStrategy.start(StartableCloseableSafeLifecyleStrategy.java:40)
[2022-10-26T12:08:16.807Z] 	at org.picocontainer.injectors.AbstractInjectionFactory$LifecycleAdapter.start(AbstractInjectionFactory.java:84)
[2022-10-26T12:08:16.807Z] 	at org.picocontainer.behaviors.AbstractBehavior.start(AbstractBehavior.java:169)
[2022-10-26T12:08:16.807Z] 	at org.picocontainer.behaviors.Stored$RealComponentLifecycle.start(Stored.java:132)
[2022-10-26T12:08:16.807Z] 	at org.picocontainer.behaviors.Stored.start(Stored.java:110)
[2022-10-26T12:08:16.807Z] 	at org.picocontainer.DefaultPicoContainer.potentiallyStartAdapter(DefaultPicoContainer.java:1016)
[2022-10-26T12:08:16.807Z] 	at org.picocontainer.DefaultPicoContainer.startAdapters(DefaultPicoContainer.java:1009)
[2022-10-26T12:08:16.807Z] 	at org.picocontainer.DefaultPicoContainer.start(DefaultPicoContainer.java:767)
[2022-10-26T12:08:16.807Z] 	at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:136)
[2022-10-26T12:08:16.807Z] 	at org.sonar.core.platform.ComponentContainer.execute(ComponentContainer.java:123)
[2022-10-26T12:08:16.807Z] 	at org.sonar.batch.bootstrapper.Batch.doExecute(Batch.java:72)
[2022-10-26T12:08:16.807Z] 	at org.sonar.batch.bootstrapper.Batch.execute(Batch.java:66)
[2022-10-26T12:08:16.807Z] 	at org.sonarsource.scanner.api.internal.batch.BatchIsolatedLauncher.execute(BatchIsolatedLauncher.java:46)
[2022-10-26T12:08:16.807Z] 	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
[2022-10-26T12:08:16.807Z] 	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
[2022-10-26T12:08:16.807Z] 	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
[2022-10-26T12:08:16.807Z] 	at java.base/java.lang.reflect.Method.invoke(Method.java:566)
[2022-10-26T12:08:16.807Z] 	at org.sonarsource.scanner.api.internal.IsolatedLauncherProxy.invoke(IsolatedLauncherProxy.java:60)
[2022-10-26T12:08:16.807Z] 	at com.sun.proxy.$Proxy24.execute(Unknown Source)
[2022-10-26T12:08:16.807Z] 	at org.sonarsource.scanner.api.EmbeddedScanner.doExecute(EmbeddedScanner.java:189)
[2022-10-26T12:08:16.807Z] 	at org.sonarsource.scanner.api.EmbeddedScanner.execute(EmbeddedScanner.java:138)
[2022-10-26T12:08:16.807Z] 	at org.sonarsource.scanner.maven.bootstrap.ScannerBootstrapper.execute(ScannerBootstrapper.java:65)
[2022-10-26T12:08:16.807Z] 	... 23 more
[2022-10-26T12:08:16.807Z] [ERROR] 
[2022-10-26T12:08:16.807Z] [ERROR] 
[2022-10-26T12:08:16.807Z] [ERROR] For more information about the errors and possible solutions, please read the following articles:
[2022-10-26T12:08:16.807Z] [ERROR] e[1m[Help 1]e[m http://cwiki.apache.org/confluence/display/MAVEN/MojoExecutionException```


Why this error happens off and on? 


Thanks in advance.

Hi,

It looks like there’s some interference with the plugin download. You should talk to your network folks.

 
HTH,
Ann

I want to reactivate this old thread.

I see many people have had this issue and plugins are not downloaded completely, detected by mismatch md5hash checksum.

Currently, we are using SonarQube LTS 9.9, hosted on openshift. Still the same issue. We disable WAF and many other options but sometimes this plugin download failure happens.

I have a few questions:

Can we host these plugins somewhere else? like in an artifactory?

I see some people tried to cache their plugins somehow; therefore, their speed got improved and also this issue of mismatched MD5 didn’t occur again.

Could you advise us about possible issues for network interruption?

Hi @openshift4,

What does your $SONARQUBE-HOME/logs/access.log say about how long it took SonarQube to serve the plugins (last number on the line)? If it’s too long, that may indicate that SonarQube needs more resources.

 
Ann

Hi again,

we did a test with sonarqube to scan a project every 10 minutes. It never fails to download the plugins at night. Once it is a day time, it fails randomly. It mostly fails with the domain name and it fails fewer times with open shift route. The same two endpoints never fail at nights. We doubled the ram and cpu for the pod. What do you suggest to increase? We are using an external SQL server as database.

In the system → download logs, → access.log ( set to info ) I don’t see much information.

[17/Apr/2024:06:59:52 +0000] “GET /api/plugins/download?plugin=securitycsharpfrontend HTTP/1.1” 200 - “-” “ScannerCLI/5.0.1.3006” “…NBfkL”

Hi,

As I said earlier, the last number on the access log line is how long it took SonarQube to serve the request. E.G.

127.0.0.1 - - [16/Apr/2024:08:26:12 -0400] "GET /api/qualityprofiles/search.protobuf?project=io.ecocode%3Aecocode-php-plugin-test-project HTTP/1.1" 200 2976 "-" "ScannerMaven/3.11.0.3922/3.9.1" "876edb37-6d1c-4264-b329-53609936bd21" 165

It took 165 milliseconds to process this request.

This sounds like resources. Is SonarQube the only thing on the host? If it is, then it’s can’t be resource contention on the host, and I would (again) go back to the network folks.

 
Ann

Hi Ann,

Thanks for reply. We increased the RAM just to make sure it is not the RAM issue. Now the pod is just using 60% of the given RAM. In front of openshift there is a loadbalancer. That might cause the issue. However, still wondering why the test instance never fails.

My question is, now we are running 9.9 LTS. If we upgrade to the latest version of SonarQube, Sonar Scanner still needs to download all the plugins or it only downloads the necessary plugins?

Hi,

SonarQube 10.5 was announced yesterday. Once you upgrade to it only the plugins needed for the analysis will be downloaded.

 
Ann