-
Bug
-
Resolution: Not A Defect
-
Major
-
None
-
EKS-1.17.17
Jenkins 2.302-2
Git plugin 4.8.3
Hi,
We have a Kubernetes cluster on EKS version v1.17.17, in this cluster, we have deployed Gitlab(Community Edition 13.4.1) and Jenkins(2.302-2).
We have configured a Jenkins pipeline to retrieve and build code from Gitlab.
The pipeline uses SCM functionality to retrieve code and Jenkinsfile from Gitlab, the configuration has worked for 6 months, but with the new version, we are not able anymore to checkout code from GitLab.
Following the error:
Started by user
Domenico
Obtained Jenkinsfile from git
https:// gitlab.xxxx.yy/boc-api.git
Running in Durability level: MAX_SURVIVABILITY[Pipeline] Start of Pipeline[Pipeline] podTemplate[Pipeline] {[Pipeline] nodeCreated Pod: kubernetes devops/dind-a6ff8d3f-e9ef-4a36-9ffd-b52b3e5b2529-7j7th-1svnn
[Normal][devops/dind-a6ff8d3f-e9ef-4a36-9ffd-b52b3e5b2529-7j7th-1svnn][Scheduled] Successfully assigned devops/dind-a6ff8d3f-e9ef-4a36-9ffd-b52b3e5b2529-7j7th-1svnn to ip-192-168-206-158.eu-central-1.compute.internal[Normal][devops/dind-a6ff8d3f-e9ef-4a36-9ffd-b52b3e5b2529-7j7th-1svnn][Pulled] Container image "docker:18.09.6" already present on machine
[Normal][devops/dind-a6ff8d3f-e9ef-4a36-9ffd-b52b3e5b2529-7j7th-1svnn][Created] Created container docker-cmds
[Normal][devops/dind-a6ff8d3f-e9ef-4a36-9ffd-b52b3e5b2529-7j7th-1svnn][Started] Started container docker-cmds
[Normal][devops/dind-a6ff8d3f-e9ef-4a36-9ffd-b52b3e5b2529-7j7th-1svnn][Pulled] Container image "docker:18.09.6-dind" already present on machine
[Normal][devops/dind-a6ff8d3f-e9ef-4a36-9ffd-b52b3e5b2529-7j7th-1svnn][Created] Created container dind-daemon
[Normal][devops/dind-a6ff8d3f-e9ef-4a36-9ffd-b52b3e5b2529-7j7th-1svnn][Started] Started container dind-daemon
[Normal][devops/dind-a6ff8d3f-e9ef-4a36-9ffd-b52b3e5b2529-7j7th-1svnn][Pulled] Container image "jenkins/inbound-agent:4.3-4" already present on machine
[Normal][devops/dind-a6ff8d3f-e9ef-4a36-9ffd-b52b3e5b2529-7j7th-1svnn][Created] Created container jnlp
[Normal][devops/dind-a6ff8d3f-e9ef-4a36-9ffd-b52b3e5b2529-7j7th-1svnn][Started] Started container jnlpAgent dind-a6ff8d3f-e9ef-4a36-9ffd-b52b3e5b2529-7j7th-1svnn is provisioned from template dind-a6ff8d3f-e9ef-4a36-9ffd-b52b3e5b2529-7j7th
—
apiVersion: "v1"
kind: "Pod"
metadata:
annotations:
buildUrl: "http://10.100.45.242:8080/job/pilot5b-boc_api-build/20/"
runUrl: "job/pilot5b-boc_api-build/20/"
labels:
jenkins: "slave"
jenkins/label-digest: "2459d1a389f9febd19799b6ee428fc3e6bfdcd4f"
jenkins/label: "dind-a6ff8d3f-e9ef-4a36-9ffd-b52b3e5b2529"
name: "dind-a6ff8d3f-e9ef-4a36-9ffd-b52b3e5b2529-7j7th-1svnn"
spec:
containers:
- env:
- name: "DOCKER_HOST"
value: "tcp://localhost:2375"
image: "docker:18.09.6"
name: "docker-cmds"
resources:
requests:
cpu: "100m"
memory: "256Mi"
tty: true
volumeMounts: - mountPath: "/home/jenkins/agent"
name: "workspace-volume"
readOnly: false - image: "docker:18.09.6-dind"
name: "dind-daemon"
resources:
requests:
cpu: "100m"
memory: "512Mi"
securityContext:
privileged: true
tty: true
volumeMounts: - mountPath: "/var/lib/docker"
name: "docker-graph-storage" - mountPath: "/home/jenkins/agent"
name: "workspace-volume"
readOnly: false - env:
- name: "JENKINS_SECRET"
value: "********" - name: "JENKINS_TUNNEL"
value: "10.100.57.185:50000" - name: "JENKINS_AGENT_NAME"
value: "dind-a6ff8d3f-e9ef-4a36-9ffd-b52b3e5b2529-7j7th-1svnn" - name: "JENKINS_NAME"
value: "dind-a6ff8d3f-e9ef-4a36-9ffd-b52b3e5b2529-7j7th-1svnn" - name: "JENKINS_AGENT_WORKDIR"
value: "/home/jenkins/agent" - name: "JENKINS_URL"
value: "http://10.100.45.242:8080/"
image: "jenkins/inbound-agent:4.3-4"
name: "jnlp"
resources:
limits: {}
requests:
memory: "256Mi"
cpu: "100m"
volumeMounts: - mountPath: "/home/jenkins/agent"
name: "workspace-volume"
readOnly: false
nodeSelector:
kubernetes.io/os: "linux"
restartPolicy: "Never"
volumes: - emptyDir: {}
name: "docker-graph-storage" - emptyDir:
medium: ""
name: "workspace-volume"Running on
dind-a6ff8d3f-e9ef-4a36-9ffd-b52b3e5b2529-7j7th-1svnn
in /home/jenkins/agent/workspace/pilot5b-boc_api-build[Pipeline] {[Pipeline] checkoutThe recommended git tool is: gitusing credential GitLabUser Cloning the remote Git repository ERROR: Error cloning remote repo 'origin' hudson.plugins.git.GitException: Command "git fetch --tags --force --progress – +refs/heads/*:refs/remotes/origin/*" returned status code 128: stdout: stderr: fatal: unable to access ' ': server certificate verification failed. CAfile: none CRLfile: none at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.launchCommandIn(CliGitAPIImpl.java:2681) at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.launchCommandWithCredentials(CliGitAPIImpl.java:2102) at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.access$500(CliGitAPIImpl.java:86) at org.jenkinsci.plugins.gitclient.CliGitAPIImpl$1.execute(CliGitAPIImpl.java:624) at org.jenkinsci.plugins.gitclient.CliGitAPIImpl$2.execute(CliGitAPIImpl.java:853) at org.jenkinsci.plugins.gitclient.RemoteGitImpl$CommandInvocationHandler$GitCommandMasterToSlaveCallable.call(RemoteGitImpl.java:160) at org.jenkinsci.plugins.gitclient.RemoteGitImpl$CommandInvocationHandler$GitCommandMasterToSlaveCallable.call(RemoteGitImpl.java:153) at hudson.remoting.UserRequest.perform(UserRequest.java:211) at hudson.remoting.UserRequest.perform(UserRequest.java:54) at hudson.remoting.Request$2.run(Request.java:369) at hudson.remoting.InterceptingExecutorService$1.call(InterceptingExecutorService.java:72) at java.util.concurrent.FutureTask.run(FutureTask.java:266) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) at hudson.remoting.Engine$1.lambda$newThread$0(Engine.java:117) at java.lang.Thread.run(Thread.java:748) Suppressed: hudson.remoting.Channel$CallSiteStackTrace: Remote call to JNLP4-connect connection from ip-192-168-122-254.eu-central-1.compute.internal/192.168.122.254:38622 at hudson.remoting.Channel.attachCallSiteStackTrace(Channel.java:1795) at hudson.remoting.UserRequest$ExceptionResponse.retrieve(UserRequest.java:356) at hudson.remoting.Channel.call(Channel.java:1001) at org.jenkinsci.plugins.gitclient.RemoteGitImpl$CommandInvocationHandler.execute(RemoteGitImpl.java:145) at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.base/java.lang.reflect.Method.invoke(Method.java:566) at org.jenkinsci.plugins.gitclient.RemoteGitImpl$CommandInvocationHandler.invoke(RemoteGitImpl.java:131) at com.sun.proxy.$Proxy82.execute(Unknown Source) at hudson.plugins.git.GitSCM.retrieveChanges(GitSCM.java:1227) at hudson.plugins.git.GitSCM.checkout(GitSCM.java:1305) at org.jenkinsci.plugins.workflow.steps.scm.SCMStep.checkout(SCMStep.java:129) at org.jenkinsci.plugins.workflow.steps.scm.SCMStep$StepExecutionImpl.run(SCMStep.java:97) at org.jenkinsci.plugins.workflow.steps.scm.SCMStep$StepExecutionImpl.run(SCMStep.java:84) at org.jenkinsci.plugins.workflow.steps.SynchronousNonBlockingStepExecution.lambda$start$0(SynchronousNonBlockingStepExecution.java:47) at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515) at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264) at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128) at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628) at java.base/java.lang.Thread.run(Thread.java:829)[Pipeline] }[Pipeline] // node[Pipeline] }[Pipeline] // podTemplate[Pipeline] End of PipelineERROR: Error cloning remote repo 'origin'Cloning repository https://gitlab.xxxx.yy/pilot5b/boc-api.git > git init /home/jenkins/agent/workspace/pilot5b-boc_api-build # timeout=10
Fetching upstream changes from https://gitlab.xxxx.yy/pilot5b/boc-api.git > git --version # timeout=10
> git --version # 'git version 2.20.1'
using GIT_ASKPASS to set credentials User used for connecting to GitLab
> git fetch --tags --force --progress – https://gitlab.xxxx.yy/pilot5b/boc-api.git +refs/heads/:refs/remotes/origin/ # timeout=10Finished: FAILURE
If I try to use the command:
git clone https://user:password@ gitlab.xxxx.yy /pilot5b/boc-api.git
from a local shell, it works and of course, the certificate is valid.
At the moment the only workaround I found is to configure the pipeline with:
"pipeline script" instead of "pipeline from SCM"
And I created a step like this:
stage('clone-fix') {
container('docker-cmds') {
withCredentials([[$class: 'UsernamePasswordMultiBinding',
credentialsId: 'GitLabUser',
usernameVariable: 'JENKINSGIT_USER',
passwordVariable: 'JENKINSGIT_PASSWORD']]) {
sh """
apk update
apk add git
git clone https://$
:${JENKINSGIT_PASSWORD}@gitlab.xxxx.yy /pilot5b/boc-api.git
"""
updateGitlabCommitStatus name: 'build', state: 'success'
}
}
}