SQL Server DB connection fails when using docker image for 9.6, fine with 9.5

EBes · August 16, 2022, 1:15pm

which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension)

linux host running docker 20.10.16

Sonarqube docker image 9.6-developer
and
Sonarqube docker image 9.5-developer

what are you trying to achieve

Upgrading from 9.5 to 9.6

what have you tried so far to achieve this

We upgraded from lts-community edition to latest community edition a few weeks back without any issues, then tried the developer edition without issues (it migrated fine) but with the latest update (4 days ago) we’re getting the following errors:

2022.08.16 12:32:26 WARN  web[][o.s.c.a.AnnotationConfigApplicationContext] Exception encountered during context initialization - cancelling refresh attempt: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'jdk.internal.loader.ClassLoaders$AppClassLoader@5c29bfd-org.sonar.db.DefaultDatabase': Initialization of bean failed; nested exception is java.lang.IllegalStateException: Fail to connect to database
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'jdk.internal.loader.ClassLoaders$AppClassLoader@5c29bfd-org.sonar.db.DefaultDatabase': Initialization of bean failed; nested exception is java.lang.IllegalStateException: Fail to connect to database
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:628)

[snip]

Caused by: java.sql.SQLException: Cannot create PoolableConnectionFactory (The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target".

Command to set up the latest version:
docker run -d --name sonarqube -p 9000:9000 -e SONAR_JDBC_URL='jdbc:sqlserver://our.dbserver.com;databaseName=ourdb.sonarqube' -e SONAR_JDBC_USERNAME='correct_username' -e SONAR_JDBC_PASSWORD='correct_password' -v sonarqube_data:/opt/sonarqube/data -v sonarqube_extensions:/opt/sonarqube/extensions -v sonarqube_logs:/opt/sonarqube/logs --restart=unless-stopped sonarqube:developer

Exactly the same command (after removing and recreating the volumes & removing the broken container) except when using
sonarqube:9.5-developer
works fine.

I’m assuming this is a TLS issue?

Colin · August 17, 2022, 8:22am

Hey there.

Make sure you read the upgrade notes

Microsoft SQL Server changes in configuration and Integrated Authentication

If your Microsoft SQL Server doesn’t support encryption, you will need to add encrypt=false to the JDBC URL connection string. (SONAR-16249).

If your Microsoft SQL Server requires encryption but you don’t want SonarQube to validate the certificate, you will need to add trustServerCertificate=true to the JDBC URL connection string.

EBes · August 17, 2022, 1:40pm

Ah, thank you! I overlooked that part. I was mostly following the Microsoft SQL Server subsection of the installing the server documentation page which might need a note for that as well.

Colin · August 17, 2022, 3:47pm

This is a super good point. Thanks – we’ll make sure something is added.

system · August 24, 2022, 3:48pm

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.