-
Bug
-
Resolution: Fixed
-
Minor
-
None
-
jobs are being run in a container via the kubernetes plugin and I have installed the custom CA Cert to the container image.
Info dump:
awt.toolkit sun.awt.X11.XToolkit
executable-war /usr/share/jenkins/jenkins.war
file.encoding UTF-8
file.encoding.pkg sun.io
file.separator /
hudson.model.DirectoryBrowserSupport.CSP
hudson.slaves.NodeProvisioner.initialDelay 0
hudson.slaves.NodeProvisioner.MARGIN 50
hudson.slaves.NodeProvisioner.MARGIN0 0.85
java.awt.graphicsenv sun.awt.X11GraphicsEnvironment
java.awt.headless true
java.awt.printerjob sun.print.PSPrinterJob
java.class.path /usr/share/jenkins/jenkins.war
java.class.version 52.0
java.endorsed.dirs /usr/lib/jvm/java-8-openjdk-amd64/jre/lib/endorsed
java.ext.dirs /usr/lib/jvm/java-8-openjdk-amd64/jre/lib/ext:/usr/java/packages/lib/ext
java.home /usr/lib/jvm/java-8-openjdk-amd64/jre
java.io.tmpdir /tmp
java.library.path /usr/java/packages/lib/amd64:/usr/lib/x86_64-linux-gnu/jni:/lib/x86_64-linux-gnu:/usr/lib/x86_64-linux-gnu:/usr/lib/jni:/lib:/usr/lib
java.runtime.name OpenJDK Runtime Environment
java.runtime.version 1.8.0_162-8u162-b12-1~deb9u1-b12
java.specification.name Java Platform API Specification
java.specification.vendor Oracle Corporation
java.specification.version 1.8
java.vendor Oracle Corporation
java.vendor.url http://java.oracle.com/
java.vendor.url.bug http://bugreport.sun.com/bugreport/
java.version 1.8.0_162
java.vm.info mixed mode
java.vm.name OpenJDK 64-Bit Server VM
java.vm.specification.name Java Virtual Machine Specification
java.vm.specification.vendor Oracle Corporation
java.vm.specification.version 1.8
java.vm.vendor Oracle Corporation
java.vm.version 25.162-b12
javax.accessibility.assistive_technologies org.GNOME.Accessibility.AtkWrapper
jetty.git.hash 82b8fb23f757335bb3329d540ce37a2a2615f0a8
jna.loaded true
jna.platform.library.path /usr/lib/x86_64-linux-gnu:/lib/x86_64-linux-gnu:/lib64:/usr/lib:/lib
jnidispatch.path /tmp/jna--1712433994/jna4116952368626064570.tmp
line.separator
mail.smtp.sendpartial true
mail.smtps.sendpartial true
org.apache.commons.jelly.tags.fmt.timeZone America/Los_Angeles
os.arch amd64
os.name Linux
os.version 4.4.86+
path.separator :
sun.arch.data.model 64
sun.boot.class.path /usr/lib/jvm/java-8-openjdk-amd64/jre/lib/resources.jar:/usr/lib/jvm/java-8-openjdk-amd64/jre/lib/rt.jar:/usr/lib/jvm/java-8-openjdk-amd64/jre/lib/sunrsasign.jar:/usr/lib/jvm/java-8-openjdk-amd64/jre/lib/jsse.jar:/usr/lib/jvm/java-8-openjdk-amd64/jre/lib/jce.jar:/usr/lib/jvm/java-8-openjdk-amd64/jre/lib/charsets.jar:/usr/lib/jvm/java-8-openjdk-amd64/jre/lib/jfr.jar:/usr/lib/jvm/java-8-openjdk-amd64/jre/classes
sun.boot.library.path /usr/lib/jvm/java-8-openjdk-amd64/jre/lib/amd64
sun.cpu.endian little
sun.cpu.isalist
sun.font.fontmanager sun.awt.X11FontManager
sun.io.unicode.encoding UnicodeLittle
sun.java.command /usr/share/jenkins/jenkins.war --argumentsRealm.passwd.jenkins=[redacted] --argumentsRealm.roles.jenkins=admin
sun.java.launcher SUN_STANDARD
sun.jnu.encoding UTF-8
sun.management.compiler HotSpot 64-Bit Tiered Compilers
sun.os.patch.level unknown
svnkit.http.methods Digest,Basic,NTLM,Negotiate
svnkit.ssh2.persistent false
user.dir /
user.home /var/jenkins_home
user.language en
user.name jenkins
user.timezone Etc/UTC
Environment Variables
Name ↓
Value
CA_CERTIFICATES_JAVA_VERSION 20170531+nmu1
COPY_REFERENCE_FILE_LOG /var/jenkins_home/copy_reference_file.log
HOME /var/jenkins_home
HOSTNAME jenkins-65cd5cd67d-v59ps
JAVA_DEBIAN_VERSION 8u162-b12-1~deb9u1
JAVA_HOME /docker-java-home
JAVA_OPTS -Dhudson.slaves.NodeProvisioner.initialDelay=0 -Dhudson.slaves.NodeProvisioner.MARGIN=50 -Dhudson.slaves.NodeProvisioner.MARGIN0=0.85
JAVA_VERSION 8u162
JENKINS_DISCOVERY_PORT tcp://10.51.252.119:50000
JENKINS_DISCOVERY_PORT_50000_TCP tcp://10.51.252.119:50000
JENKINS_DISCOVERY_PORT_50000_TCP_ADDR 10.51.252.119
JENKINS_DISCOVERY_PORT_50000_TCP_PORT 50000
JENKINS_DISCOVERY_PORT_50000_TCP_PROTO tcp
JENKINS_DISCOVERY_SERVICE_HOST 10.51.252.119
JENKINS_DISCOVERY_SERVICE_PORT 50000
JENKINS_DISCOVERY_SERVICE_PORT_SLAVES 50000
JENKINS_HOME /var/jenkins_home
JENKINS_OPTS --argumentsRealm.passwd.jenkins=[redacted] --argumentsRealm.roles.jenkins=admin
JENKINS_SLAVE_AGENT_PORT 50000
JENKINS_UC https://updates.jenkins.io
JENKINS_UC_EXPERIMENTAL https://updates.jenkins.io/experimental
JENKINS_UI_PORT tcp://10.51.242.56:8080
JENKINS_UI_PORT_8080_TCP tcp://10.51.242.56:8080
JENKINS_UI_PORT_8080_TCP_ADDR 10.51.242.56
JENKINS_UI_PORT_8080_TCP_PORT 8080
JENKINS_UI_PORT_8080_TCP_PROTO tcp
JENKINS_UI_SERVICE_HOST 10.51.242.56
JENKINS_UI_SERVICE_PORT 8080
JENKINS_UI_SERVICE_PORT_UI 8080
JENKINS_VERSION 2.119
KUBERNETES_PORT tcp://10.51.240.1:443
KUBERNETES_PORT_443_TCP tcp://10.51.240.1:443
KUBERNETES_PORT_443_TCP_ADDR 10.51.240.1
KUBERNETES_PORT_443_TCP_PORT 443
KUBERNETES_PORT_443_TCP_PROTO tcp
KUBERNETES_SERVICE_HOST 10.51.240.1
KUBERNETES_SERVICE_PORT 443
KUBERNETES_SERVICE_PORT_HTTPS 443
LANG C.UTF-8
PATH /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
PWD /
SHLVL 0
Plugins
Name ↓
Version
Enabled
ace-editor 1.1 true
ant 1.8 true
antisamy-markup-formatter 1.5 true
apache-httpcomponents-client-4-api 4.5.5-2.0 true
artifactory 2.16.1 true
authentication-tokens 1.3 true
blueocean 1.1.4 true
blueocean-autofavorite 1.0.0 true
blueocean-commons 1.1.6 true
blueocean-config 1.1.4 true
blueocean-dashboard 1.1.4 true
blueocean-display-url 2.0 true
blueocean-events 1.1.4 true
blueocean-git-pipeline 1.1.6 true
blueocean-github-pipeline 1.1.6 true
blueocean-i18n 1.1.4 true
blueocean-jwt 1.1.6 true
blueocean-personalization 1.1.4 true
blueocean-pipeline-api-impl 1.1.6 true
blueocean-pipeline-editor 0.2.0 true
blueocean-pipeline-scm-api 1.1.6 true
blueocean-rest 1.1.6 true
blueocean-rest-impl 1.1.6 true
blueocean-web 1.1.6 true
bouncycastle-api 2.16.1 true
branch-api 2.0.9 true
build-user-vars-plugin 1.5 true
cloudbees-folder 6.3 true
clover 4.8.0 true
command-launcher 1.2 true
config-file-provider 2.18 true
credentials 2.1.16 true
credentials-binding 1.15 true
cvs 2.13 true
display-url-api 2.0 true
docker-commons 1.11 true
docker-workflow 1.15.1 true
durable-task 1.17 true
email-ext 2.62 true
external-monitor-job 1.7 true
favorite 2.3.0 true
ghprb 1.42.0 true
git 3.9.1 true
git-client 2.7.2 true
git-server 1.7 true
github 1.29.1 true
github-api 1.92 true
github-branch-source 2.3.6 true
github-organization-folder 1.6 true
google-login 1.4 true
google-metadata-plugin 0.2 true
google-oauth-plugin 0.6 true
google-source-plugin 0.3 true
gradle 1.28 true
handlebars 1.1.1 true
hashicorp-vault-plugin 2.1.1 true
htmlpublisher 1.16 true
http_request 1.8.22 true
icon-shim 2.0.3 true
ivy 1.28 true
jackson2-api 2.8.11.1 true
javadoc 1.4 true
jdk-tool 1.0 true
jquery-detached 1.2.1 true
jsch 0.1.54.1 true
junit 1.24 true
kubernetes 1.7.1 true
kubernetes-credentials 0.3.1 true
ldap 1.14 true
mailer 1.21 true
mapdb-api 1.0.9.0 true
matrix-auth 2.2 true
matrix-project 1.11 true
maven-plugin 3.1.2 true
metrics 3.1.2.10 true
momentjs 1.1.1 true
oauth-credentials 0.3 true
pam-auth 1.3 true
pipeline-build-step 2.5.1 true
pipeline-github-lib 1.0 true
pipeline-graph-analysis 1.3 true
pipeline-input-step 2.8 true
pipeline-milestone-step 1.3.1 true
pipeline-model-api 1.1.8 true
pipeline-model-declarative-agent 1.1.1 true
pipeline-model-definition 1.1.8 true
pipeline-model-extensions 1.1.8 true
pipeline-rest-api 2.8 true
pipeline-stage-step 2.2 true
pipeline-stage-tags-metadata 1.1.8 true
pipeline-stage-view 2.8 true
plain-credentials 1.4 true
pubsub-light 1.10 true
role-strategy 2.7.0 true
scm-api 2.2.6 true
script-security 1.44 true
slack 2.3 true
sse-gateway 1.15 true
ssh-agent 1.15 true
ssh-credentials 1.13 true
ssh-slaves 1.26 true
structs 1.14 true
subversion 2.10.5 true
token-macro 2.5 true
translation 1.16 true
variant 1.1 true
windows-slaves 1.2 true
workflow-aggregator 2.5 true
workflow-api 2.25 true
workflow-basic-steps 2.6 true
workflow-cps 2.36.1 true
workflow-cps-global-lib 2.8 true
workflow-durable-task-step 2.12 true
workflow-job 2.11.1 true
workflow-multibranch 2.15 true
workflow-scm-step 2.5 true
workflow-step-api 2.12 true
workflow-support 2.14 true
jobs are being run in a container via the kubernetes plugin and I have installed the custom CA Cert to the container image. Info dump: awt.toolkit sun.awt.X11.XToolkit executable-war /usr/share/jenkins/jenkins.war file.encoding UTF-8 file.encoding.pkg sun.io file.separator / hudson.model.DirectoryBrowserSupport.CSP hudson.slaves.NodeProvisioner.initialDelay 0 hudson.slaves.NodeProvisioner.MARGIN 50 hudson.slaves.NodeProvisioner.MARGIN0 0.85 java.awt.graphicsenv sun.awt.X11GraphicsEnvironment java.awt.headless true java.awt.printerjob sun.print.PSPrinterJob java.class.path /usr/share/jenkins/jenkins.war java.class.version 52.0 java.endorsed.dirs /usr/lib/jvm/java-8-openjdk-amd64/jre/lib/endorsed java.ext.dirs /usr/lib/jvm/java-8-openjdk-amd64/jre/lib/ext:/usr/java/packages/lib/ext java.home /usr/lib/jvm/java-8-openjdk-amd64/jre java.io.tmpdir /tmp java.library.path /usr/java/packages/lib/amd64:/usr/lib/x86_64-linux-gnu/jni:/lib/x86_64-linux-gnu:/usr/lib/x86_64-linux-gnu:/usr/lib/jni:/lib:/usr/lib java.runtime.name OpenJDK Runtime Environment java.runtime.version 1.8.0_162-8u162-b12-1~deb9u1-b12 java.specification.name Java Platform API Specification java.specification.vendor Oracle Corporation java.specification.version 1.8 java.vendor Oracle Corporation java.vendor.url http://java.oracle.com/ java.vendor.url.bug http://bugreport.sun.com/bugreport/ java.version 1.8.0_162 java.vm.info mixed mode java.vm.name OpenJDK 64-Bit Server VM java.vm.specification.name Java Virtual Machine Specification java.vm.specification.vendor Oracle Corporation java.vm.specification.version 1.8 java.vm.vendor Oracle Corporation java.vm.version 25.162-b12 javax.accessibility.assistive_technologies org.GNOME.Accessibility.AtkWrapper jetty.git.hash 82b8fb23f757335bb3329d540ce37a2a2615f0a8 jna.loaded true jna.platform.library.path /usr/lib/x86_64-linux-gnu:/lib/x86_64-linux-gnu:/lib64:/usr/lib:/lib jnidispatch.path /tmp/jna--1712433994/jna4116952368626064570.tmp line.separator mail.smtp.sendpartial true mail.smtps.sendpartial true org.apache.commons.jelly.tags.fmt.timeZone America/Los_Angeles os.arch amd64 os.name Linux os.version 4.4.86+ path.separator : sun.arch.data.model 64 sun.boot.class.path /usr/lib/jvm/java-8-openjdk-amd64/jre/lib/resources.jar:/usr/lib/jvm/java-8-openjdk-amd64/jre/lib/rt.jar:/usr/lib/jvm/java-8-openjdk-amd64/jre/lib/sunrsasign.jar:/usr/lib/jvm/java-8-openjdk-amd64/jre/lib/jsse.jar:/usr/lib/jvm/java-8-openjdk-amd64/jre/lib/jce.jar:/usr/lib/jvm/java-8-openjdk-amd64/jre/lib/charsets.jar:/usr/lib/jvm/java-8-openjdk-amd64/jre/lib/jfr.jar:/usr/lib/jvm/java-8-openjdk-amd64/jre/classes sun.boot.library.path /usr/lib/jvm/java-8-openjdk-amd64/jre/lib/amd64 sun.cpu.endian little sun.cpu.isalist sun.font.fontmanager sun.awt.X11FontManager sun.io.unicode.encoding UnicodeLittle sun.java.command /usr/share/jenkins/jenkins.war --argumentsRealm.passwd.jenkins=[redacted] --argumentsRealm.roles.jenkins=admin sun.java.launcher SUN_STANDARD sun.jnu.encoding UTF-8 sun.management.compiler HotSpot 64-Bit Tiered Compilers sun.os.patch.level unknown svnkit.http.methods Digest,Basic,NTLM,Negotiate svnkit.ssh2.persistent false user.dir / user.home /var/jenkins_home user.language en user.name jenkins user.timezone Etc/UTC Environment Variables Name ↓ Value CA_CERTIFICATES_JAVA_VERSION 20170531+nmu1 COPY_REFERENCE_FILE_LOG /var/jenkins_home/copy_reference_file.log HOME /var/jenkins_home HOSTNAME jenkins-65cd5cd67d-v59ps JAVA_DEBIAN_VERSION 8u162-b12-1~deb9u1 JAVA_HOME /docker-java-home JAVA_OPTS -Dhudson.slaves.NodeProvisioner.initialDelay=0 -Dhudson.slaves.NodeProvisioner.MARGIN=50 -Dhudson.slaves.NodeProvisioner.MARGIN0=0.85 JAVA_VERSION 8u162 JENKINS_DISCOVERY_PORT tcp://10.51.252.119:50000 JENKINS_DISCOVERY_PORT_50000_TCP tcp://10.51.252.119:50000 JENKINS_DISCOVERY_PORT_50000_TCP_ADDR 10.51.252.119 JENKINS_DISCOVERY_PORT_50000_TCP_PORT 50000 JENKINS_DISCOVERY_PORT_50000_TCP_PROTO tcp JENKINS_DISCOVERY_SERVICE_HOST 10.51.252.119 JENKINS_DISCOVERY_SERVICE_PORT 50000 JENKINS_DISCOVERY_SERVICE_PORT_SLAVES 50000 JENKINS_HOME /var/jenkins_home JENKINS_OPTS --argumentsRealm.passwd.jenkins=[redacted] --argumentsRealm.roles.jenkins=admin JENKINS_SLAVE_AGENT_PORT 50000 JENKINS_UC https://updates.jenkins.io JENKINS_UC_EXPERIMENTAL https://updates.jenkins.io/experimental JENKINS_UI_PORT tcp://10.51.242.56:8080 JENKINS_UI_PORT_8080_TCP tcp://10.51.242.56:8080 JENKINS_UI_PORT_8080_TCP_ADDR 10.51.242.56 JENKINS_UI_PORT_8080_TCP_PORT 8080 JENKINS_UI_PORT_8080_TCP_PROTO tcp JENKINS_UI_SERVICE_HOST 10.51.242.56 JENKINS_UI_SERVICE_PORT 8080 JENKINS_UI_SERVICE_PORT_UI 8080 JENKINS_VERSION 2.119 KUBERNETES_PORT tcp://10.51.240.1:443 KUBERNETES_PORT_443_TCP tcp://10.51.240.1:443 KUBERNETES_PORT_443_TCP_ADDR 10.51.240.1 KUBERNETES_PORT_443_TCP_PORT 443 KUBERNETES_PORT_443_TCP_PROTO tcp KUBERNETES_SERVICE_HOST 10.51.240.1 KUBERNETES_SERVICE_PORT 443 KUBERNETES_SERVICE_PORT_HTTPS 443 LANG C.UTF-8 PATH /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin PWD / SHLVL 0 Plugins Name ↓ Version Enabled ace-editor 1.1 true ant 1.8 true antisamy-markup-formatter 1.5 true apache-httpcomponents-client-4-api 4.5.5-2.0 true artifactory 2.16.1 true authentication-tokens 1.3 true blueocean 1.1.4 true blueocean-autofavorite 1.0.0 true blueocean-commons 1.1.6 true blueocean-config 1.1.4 true blueocean-dashboard 1.1.4 true blueocean-display-url 2.0 true blueocean-events 1.1.4 true blueocean-git-pipeline 1.1.6 true blueocean-github-pipeline 1.1.6 true blueocean-i18n 1.1.4 true blueocean-jwt 1.1.6 true blueocean-personalization 1.1.4 true blueocean-pipeline-api-impl 1.1.6 true blueocean-pipeline-editor 0.2.0 true blueocean-pipeline-scm-api 1.1.6 true blueocean-rest 1.1.6 true blueocean-rest-impl 1.1.6 true blueocean-web 1.1.6 true bouncycastle-api 2.16.1 true branch-api 2.0.9 true build-user-vars-plugin 1.5 true cloudbees-folder 6.3 true clover 4.8.0 true command-launcher 1.2 true config-file-provider 2.18 true credentials 2.1.16 true credentials-binding 1.15 true cvs 2.13 true display-url-api 2.0 true docker-commons 1.11 true docker-workflow 1.15.1 true durable-task 1.17 true email-ext 2.62 true external-monitor-job 1.7 true favorite 2.3.0 true ghprb 1.42.0 true git 3.9.1 true git-client 2.7.2 true git-server 1.7 true github 1.29.1 true github-api 1.92 true github-branch-source 2.3.6 true github-organization-folder 1.6 true google-login 1.4 true google-metadata-plugin 0.2 true google-oauth-plugin 0.6 true google-source-plugin 0.3 true gradle 1.28 true handlebars 1.1.1 true hashicorp-vault-plugin 2.1.1 true htmlpublisher 1.16 true http_request 1.8.22 true icon-shim 2.0.3 true ivy 1.28 true jackson2-api 2.8.11.1 true javadoc 1.4 true jdk-tool 1.0 true jquery-detached 1.2.1 true jsch 0.1.54.1 true junit 1.24 true kubernetes 1.7.1 true kubernetes-credentials 0.3.1 true ldap 1.14 true mailer 1.21 true mapdb-api 1.0.9.0 true matrix-auth 2.2 true matrix-project 1.11 true maven-plugin 3.1.2 true metrics 3.1.2.10 true momentjs 1.1.1 true oauth-credentials 0.3 true pam-auth 1.3 true pipeline-build-step 2.5.1 true pipeline-github-lib 1.0 true pipeline-graph-analysis 1.3 true pipeline-input-step 2.8 true pipeline-milestone-step 1.3.1 true pipeline-model-api 1.1.8 true pipeline-model-declarative-agent 1.1.1 true pipeline-model-definition 1.1.8 true pipeline-model-extensions 1.1.8 true pipeline-rest-api 2.8 true pipeline-stage-step 2.2 true pipeline-stage-tags-metadata 1.1.8 true pipeline-stage-view 2.8 true plain-credentials 1.4 true pubsub-light 1.10 true role-strategy 2.7.0 true scm-api 2.2.6 true script-security 1.44 true slack 2.3 true sse-gateway 1.15 true ssh-agent 1.15 true ssh-credentials 1.13 true ssh-slaves 1.26 true structs 1.14 true subversion 2.10.5 true token-macro 2.5 true translation 1.16 true variant 1.1 true windows-slaves 1.2 true workflow-aggregator 2.5 true workflow-api 2.25 true workflow-basic-steps 2.6 true workflow-cps 2.36.1 true workflow-cps-global-lib 2.8 true workflow-durable-task-step 2.12 true workflow-job 2.11.1 true workflow-multibranch 2.15 true workflow-scm-step 2.5 true workflow-step-api 2.12 true workflow-support 2.14 true
I would expect that this plugin should use a standard cert store and tls library and this should just work. But it doesn't work, apologies if it's something I've setup incorrectly.
Inside the container, I've used SSLPoke (from here: https://confluence.atlassian.com/kb/unable-to-connect-to-ssl-services-due-to-pkix-path-building-failed-779355358.html ) to test whether or not the CA cert was succesfully installed into the $JAVA_HOME keystore and it was:
$JAVA_HOME/bin/java SSLPoke 1.2.3.4 1234 Successfully connected
Note: if it matters I am connecting to the vault IP and not a hostname.
Inside the container, JAVA_HOME is /docker-java-home and /docker-java-home/jre/lib/security/cacerts is a symlink to /etc/ssl/certs/java/cacerts (which does contain the custom CA cert)
My global configuration looks like (with actual values instead of these dummies):
Vault URL: https://1.2.3.4:1234 Vault Credential: Vault Jenkins Approle 1
My pipeline is defined like so:
node {
// define the secrets and the env variables
def secrets = [
[
$class: 'VaultSecret', path: 'jenkins/test', secretValues: [
[$class: 'VaultSecretValue', envVar: 'blah1', vaultKey: 'value']
]
],
] def configuration = [$class: 'VaultConfiguration',
vaultCredentialId: 'vault-jenkins-approle-1'] stage('Test') {
// inside this block your credentials will be available as env variables
wrap([$class: 'VaultBuildWrapper', configuration: configuration, vaultSecrets: secrets]) {
sh 'echo "blah1: $blah1"'
}
}
}
And here is the output:
[Pipeline] {
[Pipeline] stage
[Pipeline] { (Test)
[Pipeline] wrap
[Pipeline] // wrap
[Pipeline] }
[Pipeline] // stage
[Pipeline] }
[Pipeline] // node
[Pipeline] End of Pipeline
sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:392)
Caused: sun.security.validator.ValidatorException: PKIX path building failed
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:397)
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:302)
at sun.security.validator.Validator.validate(Validator.java:260)
at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1596)
Caused: javax.net.ssl.SSLHandshakeException
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1964)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:328)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:322)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1614)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1052)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:987)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1072)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1385)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1413)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1397)
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
at sun.net.www.protocol.http.HttpURLConnection.getOutputStream0(HttpURLConnection.java:1334)
at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1309)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:259)
at com.bettercloud.vault.rest.Rest.postOrPutImpl(Rest.java:369)
Caused: com.bettercloud.vault.rest.RestException
at com.bettercloud.vault.rest.Rest.postOrPutImpl(Rest.java:386)
at com.bettercloud.vault.rest.Rest.post(Rest.java:276)
at com.bettercloud.vault.api.Auth.loginByAppRole(Auth.java:228)
Caused: com.bettercloud.vault.VaultException
at com.bettercloud.vault.api.Auth.loginByAppRole(Auth.java:253)
at com.datapipe.jenkins.vault.credentials.VaultAppRoleCredential.authorizeWithVault(VaultAppRoleCredential.java:42)
at com.datapipe.jenkins.vault.VaultAccessor.auth(VaultAccessor.java:29)
at com.datapipe.jenkins.vault.VaultBuildWrapper.provideEnvironmentVariablesFromVault(VaultBuildWrapper.java:142)
at com.datapipe.jenkins.vault.VaultBuildWrapper.setUp(VaultBuildWrapper.java:91)
at org.jenkinsci.plugins.workflow.steps.CoreWrapperStep$Execution.start(CoreWrapperStep.java:80)
at org.jenkinsci.plugins.workflow.cps.DSL.invokeStep(DSL.java:224)
at org.jenkinsci.plugins.workflow.cps.DSL.invokeMethod(DSL.java:150)
at org.jenkinsci.plugins.workflow.cps.CpsScript.invokeMethod(CpsScript.java:108)
at sun.reflect.GeneratedMethodAccessor3640.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.codehaus.groovy.reflection.CachedMethod.invoke(CachedMethod.java:93)
at groovy.lang.MetaMethod.doMethodInvoke(MetaMethod.java:325)
at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:1213)
at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:1022)
at org.codehaus.groovy.runtime.callsite.PogoMetaClassSite.call(PogoMetaClassSite.java:42)
at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCall(CallSiteArray.java:48)
at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:113)
at org.kohsuke.groovy.sandbox.impl.Checker$1.call(Checker.java:157)
at org.kohsuke.groovy.sandbox.GroovyInterceptor.onMethodCall(GroovyInterceptor.java:23)
at org.jenkinsci.plugins.scriptsecurity.sandbox.groovy.SandboxInterceptor.onMethodCall(SandboxInterceptor.java:133)
at org.kohsuke.groovy.sandbox.impl.Checker$1.call(Checker.java:155)
at org.kohsuke.groovy.sandbox.impl.Checker.checkedCall(Checker.java:159)
at org.kohsuke.groovy.sandbox.impl.Checker.checkedCall(Checker.java:129)
at org.kohsuke.groovy.sandbox.impl.Checker.checkedCall(Checker.java:129)
at com.cloudbees.groovy.cps.sandbox.SandboxInvoker.methodCall(SandboxInvoker.java:16)
Caused: com.datapipe.jenkins.vault.exception.VaultPluginException: could not log in into vault
at com.datapipe.jenkins.vault.credentials.VaultAppRoleCredential.authorizeWithVault(VaultAppRoleCredential.java:44)
at com.datapipe.jenkins.vault.VaultAccessor.auth(VaultAccessor.java:29)
at com.datapipe.jenkins.vault.VaultBuildWrapper.provideEnvironmentVariablesFromVault(VaultBuildWrapper.java:142)
at com.datapipe.jenkins.vault.VaultBuildWrapper.setUp(VaultBuildWrapper.java:91)
at org.jenkinsci.plugins.workflow.steps.CoreWrapperStep$Execution.start(CoreWrapperStep.java:80)
at org.jenkinsci.plugins.workflow.cps.DSL.invokeStep(DSL.java:224)
at org.jenkinsci.plugins.workflow.cps.DSL.invokeMethod(DSL.java:150)
at org.jenkinsci.plugins.workflow.cps.CpsScript.invokeMethod(CpsScript.java:108)
at sun.reflect.GeneratedMethodAccessor3640.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.codehaus.groovy.reflection.CachedMethod.invoke(CachedMethod.java:93)
at groovy.lang.MetaMethod.doMethodInvoke(MetaMethod.java:325)
at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:1213)
at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:1022)
at org.codehaus.groovy.runtime.callsite.PogoMetaClassSite.call(PogoMetaClassSite.java:42)
at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCall(CallSiteArray.java:48)
at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:113)
at org.kohsuke.groovy.sandbox.impl.Checker$1.call(Checker.java:157)
at org.kohsuke.groovy.sandbox.GroovyInterceptor.onMethodCall(GroovyInterceptor.java:23)
at org.jenkinsci.plugins.scriptsecurity.sandbox.groovy.SandboxInterceptor.onMethodCall(SandboxInterceptor.java:133)
at org.kohsuke.groovy.sandbox.impl.Checker$1.call(Checker.java:155)
at org.kohsuke.groovy.sandbox.impl.Checker.checkedCall(Checker.java:159)
at org.kohsuke.groovy.sandbox.impl.Checker.checkedCall(Checker.java:129)
at org.kohsuke.groovy.sandbox.impl.Checker.checkedCall(Checker.java:129)
at com.cloudbees.groovy.cps.sandbox.SandboxInvoker.methodCall(SandboxInvoker.java:16)
at WorkflowScript.run(WorkflowScript:17)
at ___cps.transform___(Native Method)
at com.cloudbees.groovy.cps.impl.ContinuationGroup.methodCall(ContinuationGroup.java:57)
at com.cloudbees.groovy.cps.impl.FunctionCallBlock$ContinuationImpl.dispatchOrArg(FunctionCallBlock.java:109)
at com.cloudbees.groovy.cps.impl.FunctionCallBlock$ContinuationImpl.fixArg(FunctionCallBlock.java:82)
at sun.reflect.GeneratedMethodAccessor376.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at com.cloudbees.groovy.cps.impl.ContinuationPtr$ContinuationImpl.receive(ContinuationPtr.java:72)
at com.cloudbees.groovy.cps.impl.ClosureBlock.eval(ClosureBlock.java:46)
at com.cloudbees.groovy.cps.Next.step(Next.java:83)
at com.cloudbees.groovy.cps.Continuable$1.call(Continuable.java:173)
at com.cloudbees.groovy.cps.Continuable$1.call(Continuable.java:162)
at org.codehaus.groovy.runtime.GroovyCategorySupport$ThreadCategoryInfo.use(GroovyCategorySupport.java:122)
at org.codehaus.groovy.runtime.GroovyCategorySupport.use(GroovyCategorySupport.java:261)
at com.cloudbees.groovy.cps.Continuable.run0(Continuable.java:162)
at org.jenkinsci.plugins.workflow.cps.SandboxContinuable.access$001(SandboxContinuable.java:19)
at org.jenkinsci.plugins.workflow.cps.SandboxContinuable$1.call(SandboxContinuable.java:35)
at org.jenkinsci.plugins.workflow.cps.SandboxContinuable$1.call(SandboxContinuable.java:32)
at org.jenkinsci.plugins.scriptsecurity.sandbox.groovy.GroovySandbox.runInSandbox(GroovySandbox.java:108)
at org.jenkinsci.plugins.workflow.cps.SandboxContinuable.run0(SandboxContinuable.java:32)
at org.jenkinsci.plugins.workflow.cps.CpsThread.runNextChunk(CpsThread.java:174)
at org.jenkinsci.plugins.workflow.cps.CpsThreadGroup.run(CpsThreadGroup.java:330)
at org.jenkinsci.plugins.workflow.cps.CpsThreadGroup.access$100(CpsThreadGroup.java:82)
at org.jenkinsci.plugins.workflow.cps.CpsThreadGroup$2.call(CpsThreadGroup.java:242)
at org.jenkinsci.plugins.workflow.cps.CpsThreadGroup$2.call(CpsThreadGroup.java:230)
at org.jenkinsci.plugins.workflow.cps.CpsVmExecutorService$2.call(CpsVmExecutorService.java:64)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at hudson.remoting.SingleLaneExecutorService$1.run(SingleLaneExecutorService.java:131)
at jenkins.util.ContextResettingExecutorService$1.run(ContextResettingExecutorService.java:28)
at jenkins.security.ImpersonatingExecutorService$1.run(ImpersonatingExecutorService.java:59)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)
Finished: FAILURE