SonarQube webhook for Jenkins - task status is 'IN_PROGRESS' | Server Unreachable

Team,

for the last few days I am trying to set up a webhook in Sonar in terms to obtain the result of the Sonar Analysis in my Jenkins pipeline - however I am not able to do that in any way. The part of the script looks as follow:

timeout (time: 3, unit: ‘MINUTES’) {
withSonarQubeEnv(credentialsId: ‘creds’ , installationName: ‘name’) {
waitForQualityGate abortPipeline: false, credentialsId: ‘creds2’
}
}

In the Sonar I have put the link with the url (I can see green checks after I put it):
https://jenkins/sonarqube-webhook/

The communication between Sonar and Jenkins are working fine, I can ping and wget/curl both sites. The firewall is/should not the problem here.

I have also included the following additional environment valuable for Sonar (to access jenkins over https):

-Dsonar.ce.javaAdditionalOpts=-Djavax.net.ssl.trustStore=mykey.jks -Djavax.net.ssl.trustStorePassword=passwd

Unfortunately I still receive the following error in the Sonar:

Response: Server Unreachable

And in the Jenkins:

SonarQube task (…) status is ‘IN_PROGRESS’

I have already gone through the following topics:

• https://community.sonarsource.com/t/need-a-sleep-between-withsonarqubeenv-and-waitforqualitygate-or-it-spins-in-in-progress/2265
• https://community.sonarsource.com/t/sonar-webhook-unreachable/9618
  But they did not help me. I can not see anything in the sonar logs related to my issue (/opt/sonarqube/logs/*).

I would appreciate any suggestion/tip from you.

Thank you.

Version of the tools I am using:

• Jenkins 2.89.4
• Sonar quality gate plugin V1.3.1
• SonarQube 7.4.0.18908

I have no idea why you’re seeing “Server Unreachable”. That would point to configuration issues that you’re not showing here.

However, I would point out two things. First, the call to “waitForQualityGate” probably should occur after the “withSonarQubeEnv” block. I don’t know if that’s a critical issue. Second, a 3 minute timeout for the scan and the background task to complete is probably unrealistic.

Hey David,

thank you very much for your response.
What kind of configuration would you check in the first place?

When it comes to your points - they are good, but I have already double checked them.
Anyway I have just started another job with 10 minutes of timeout and I have moved the “withSonarQubeEnv” to one block earlier - but it did not help.

Hi,

Welcome to the community!

If you’re seeing “Server unreachable” in SonarQube then… Jenkins isn’t receiving the webhook call because SonarQube couldn’t reach it.

When you manually call the Jenkins Webhook URL you’ve configured into SonarQube, do you get a response? Do you have anything on the network (proxy, firewall) between the two that might be interfering?

 
Ann

Hi Ann!

Thank you, I hope I could someday help someone instead of still asking for help.

What kind of manual call should I do from SonarQube? What would you suggest?
I do the following call in terms to checking from the Sonar POD:

curl --cacert /path/to/mychain.cer https://myjenkinsinstance/

and that works. I can also ping my jenkins without any problems.

Hi,

It looks like you’ve done the expected checks.

And… that --cacert part catches my eye. Is it required to make the curl call work? And if so, I guess you need to make the cert available to the JVM running SonarQube…?

 
Ann

Hi,

Yes, curl requires certificate chain to connect to my jenkins https. As it is .cer file, I have create .jks key as follow:

keytool -importcert -file /path/to/mychain.cer -keysize 2048 -keystore mykey.jks -alias cert

And I have added the following options to the JVM:

-Dsonar.ce.javaAdditionalOpts=-Djavax.net.ssl.trustStore=mykey.jks -Djavax.net.ssl.trustStorePassword=passwd

To be honest - I am really not sure if I have done it right - I have followed many topics in “google” and in the theory it should work, but I had to miss something.

Hi,

Sorry, but I’m not sure how to help you from here. I’ve already exceeded my expertise in this direction.

 

Ann

I have the same Issue when upgrading from SonarQube 7.6 to SonarQube 7.9 (as official Docker Image).

@posone what Java Version are you using?
Running SonarQube 7.6 in Docker I was using OpenJDK 1.8.0 - SonarQube 7.9 runs with OpenJDK 11.0.6

Within “Administration - System - Compute Engine” you should see the configured JKS when the parameter was recognized correct

Hey @Christoph_Forster, I am sorry for late response.
I am using openjdk version “1.8.0_181” (SonarQube 7.4.0.18908 as Container on openshift).

Hi @posone ,

As mentioned it worked for me using SonarQube 7.6 (within docker). I have not tried SonarQube 7.4 but upgrading to 7.9 did not work anymore (I expected due to the JDK Upgrade) …

If you want you can test the jks for validity using this Java Snippet within my gist: https://gist.github.com/chforster/e366dd13b7cc2b4e4ecf53a92f1116d0

Just be sure that your jks is named “sonarqube.jks” and is located in the same directory than the compiled java class (or simply adapt the code ) …

Sorry that I can not help anymore.

Thank you @Christoph_Forster, that was helpful anyway. And your script is working just fine, handy tool, thanks!