SonarQube scanner fails, 'Fail to download sonar-scanner-engine-shaded-7.2.1-all.jar'


(Mark Jaffe) #1

SonarQube version 7.2.1, running Docker-ized on Alpine Linux, invoked from the command line in a Jenkins pipeline with:

mvn -Dmaven.repo.local=pwd/cache/m2/repository -B -Dsonar.userHome=pwd -Dsonar.host.url=https://sonarqube.company.com -Dsonar.login=sonar -Dsonar.password=sonar -Dsonar.exclusions=jenga-ext-model/src/generated/java org.sonarsource.scanner.maven:sonar-maven-plugin:3.6.0.1398:sonar

I have searched the source code and made various settings to ‘User cache’, such as export SONAR_USER_HOME=/home/sonarqube and, on the command line, -Dsonar.userHome=/home/sonarqube, with no success. There is NOTHING in the user documentation about cache settings, but the dependency on a jar located on the server is disturbing. My users are confused, since this had previously been working. One thing I changed recently was to remove references to sonar from the project pom.xml; perhaps this is the issue?


(Duarte Meneses) #2

Hi,
Could you post the logs of the scanner? Preferably with debug enabled (-X).
Thanks.


(Mark Jaffe) #3

build_2019.02.28-213727_log.txt (88.1 KB)
Uploading debug log, company name redacted
Invoked by command-line:

mvn -Dmaven.repo.local=/root/cache/m2/repository -B -U -X -Dsonar.host.url=https://sonarqube.company.com \
-Dsonar.login=sonar -Dsonar.password=sonar  org.sonarsource.scanner.maven:sonar-maven-plugin:3.6.0.1398:sonar 2>&1 | tee -a /logs/build_$dir_name_$TS.log

(Duarte Meneses) #4

Thanks.
Can you download https://sonarqube.company.com/batch/file?name=sonar-scanner-engine-shaded-7.2.1-all.jar from the container, using wget/curl for example?
Are there any proxies in between or do you have any authentication with private keys?

I noticed that the first download took a long time (0.8s for a few bytes), so I wonder if the second download timed out. Do you have any timestamp after the failure?


(Mark Jaffe) #5

Some of my analysis jobs pass, others fail; yes, there is a proxy, but they’re all in AWS, same region. Any auth is with user/password. curl downloads successfully.

Further digging reveals that a successful build from this morning on Jenkins server used a cached copy from last week of the scanner jar:

[build@jenkslave-service4 danube-core_PR-222-2M73OCSTE44MTXHZVUY6QPYMEAGFVRKPNVF2YEJCCXVYRVVCU4HA]$ ls -l \?/.sonar/cache/b16b4fe54d9dfecea420156fa339f59f/sonar-scanner-engine-shaded-7.2.1-all.jar
-rw-r--r-- 1 build build 25502839 Feb 21 16:40 ?/.sonar/cache/b16b4fe54d9dfecea420156fa339f59f/sonar-scanner-engine-shaded-7.2.1-all.jar

(Duarte Meneses) #6

Ok, I think the downloads might be timing out (taking too long), you should confirm it in the logs.
The fact that sometimes it finds a cached copy indicates that a different cache directory is being used in some analysis.
The location of the cache folder is in “sonar user home”. This directory is by default ~/.sonar, but this can be overridden with System.getenv("SONAR_USER_HOME").


(Mark Jaffe) #7

public class OkHttpClientFactory {

  static final int CONNECT_TIMEOUT_MILLISECONDS = 5_000;
  static final int READ_TIMEOUT_MILLISECONDS = 500_000;
  static final String NONE = "NONE";
  static final String P11KEYSTORE = "PKCS11";
  private static final String PROXY_AUTHORIZATION = "Proxy-Authorization";

  private OkHttpClientFactory() {
    // only statics
  }

  static OkHttpClient create(Logger logger) {
    OkHttpClient.Builder okHttpClientBuilder = new OkHttpClient.Builder();

    okHttpClientBuilder.connectTimeout(CONNECT_TIMEOUT_MILLISECONDS, TimeUnit.MILLISECONDS);
    okHttpClientBuilder.readTimeout(READ_TIMEOUT_MILLISECONDS, TimeUnit.MILLISECONDS);

    ConnectionSpec tls = new ConnectionSpec.Builder(ConnectionSpec.MODERN_TLS)
      .allEnabledTlsVersions()
      .allEnabledCipherSuites()
      .supportsTlsExtensions(true)
      .build();
    okHttpClientBuilder.connectionSpecs(asList(tls, ConnectionSpec.CLEARTEXT));

This looks like it should be a reasonable connection timeout.


(Mark Jaffe) #8

Also, I should note: setting SONAR_USER_HOME is not honored when the analysis is done; it still ends up in the Jenkins working directory under ‘?’/.sonar/cache.
I also tried setting -Dsonar.userHome on the command line, which also was not followed.


(Mark Jaffe) #9

And I just ran a test fetch with curl from the sonar host within the Docker container I am using to build, running on the Jenkins slave. It timed out in 20 seconds with 17Mb of the 25Mb jar downloaded!
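
The thread reports scanner-engine jars cached under differing directories (including a literal `?` directory in the Jenkins workspace) and a download that stopped partway. The following is an added example, not part of the original posts and not SonarSource code, that finds every cached copy under a root and checks it for truncation. Assumptions: the cache directory name (such as `b16b4fe54d9dfecea420156fa339f59f` above) is the MD5 of the file it holds, and the function names `md5_of` and `audit_sonar_cache` are hypothetical.

```shell
#!/bin/sh
# Added example: audit cached SonarQube scanner-engine jars under a root directory.
# Assumption: entries live at <sonar user home>/cache/<md5>/<file>, so the parent
# directory name should equal the MD5 of the jar stored inside it.

md5_of() {
    # Print the hex MD5 of a file (GNU md5sum, or BSD md5 as a fallback).
    if command -v md5sum >/dev/null 2>&1; then
        md5sum "$1" | cut -d' ' -f1
    else
        md5 -q "$1"
    fi
}

audit_sonar_cache() {
    # $1 = root to search, e.g. the Jenkins workspace root on a build agent.
    # Prints STATUS<TAB>SIZE<TAB>PATH per jar; copies under a literal "?"
    # directory are matched too. Returns 0 only if at least one jar was
    # found and none mismatched.
    root=$1
    found=0
    bad=0
    list=$(mktemp) || return 2
    find "$root" -type f \
        -path '*/.sonar/cache/*/sonar-scanner-engine-shaded-*.jar' \
        > "$list" 2>/dev/null
    while IFS= read -r jar; do
        found=$((found + 1))
        expected=$(basename "$(dirname "$jar")")
        actual=$(md5_of "$jar")
        size=$(wc -c < "$jar" | tr -d ' ')
        if [ "$expected" = "$actual" ]; then
            status=OK
        else
            # Truncated or altered file: content no longer matches its cache key.
            status=MISMATCH
            bad=$((bad + 1))
        fi
        printf '%s\t%s\t%s\n' "$status" "$size" "$jar"
    done < "$list"
    rm -f "$list"
    [ "$found" -gt 0 ] && [ "$bad" -eq 0 ]
}
```

A `MISMATCH` line or a non-zero return on a build agent points at a partial download or at a job using a cache directory other than the one expected.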