/ v1 / _ping中的Artifactory插件代理结果:错误的网关
为什么我得到/v1/_ping: Bad Gateway
错误,当我按照使用/v1/_ping: Bad Gateway
artifactory插件的说明?
- jenkins 2.60.3与Artifactory插件2.12.2
- 在端口9999上
Enable Build-Info proxy for Docker images
- jenkins
/var/lib/jenkins/secrets/jfrog/certs/jfrog.proxy.crt
添加到jenkins master和slave上的$ JAVA_HOME / jre / lib / security / cacerts - JFrog Nginx的自签名证书添加到$ JAVA_HOME / jre / lib /安全/ cacerts上jenkins主从
- 进入jenkins:主机之间打开9999
-
/etc/systemd/system/docker.service.d/http-proxy.conf
包含以下内容,与testing没有区别[Service] Environment =“HTTP_PROXY = http:// jenkins:9999 / ”
[Service] Environment =“HTTPS_PROXY = https:// jenkins:9999 / ”
-
本地dockertesting(
docker login 127.0.0.1:9999
)结果
Error response from daemon: Login: Bad Request to URI: /v1/users/ (Code: 400; Headers: map[Content-Length:[30] Content-Type:[text/html; chars...
- Jenkins在
com.github.dockerjava.api.exception.BadRequestException: Bad Request to URI: /images/artifactory:<port>/hello-world:latest/json
testing结果com.github.dockerjava.api.exception.BadRequestException: Bad Request to URI: /images/artifactory:<port>/hello-world:latest/json
jenkins日志中的错误
SEVERE: (DISCONNECTED) [id: ..., L:0.0.0.0/0.0.0.0:... ! R:artifactory/...:5000]: Caught an exception on ProxyToServerConnection io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: General SSLEngine problem ... Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
我的虚拟回购,其远程和本地工作,当我不使用jenkins代理,但根据插件文档我需要jenkins代理获取我需要的CI / CD推广的构build信息。
如果jenkins不使用该证书文件,那么将证书添加到cacerts的效果会稍差。 我不确定添加证书到商店是否需要在jenkins中重新启动,但对于tomcat来说似乎是这样,所以这可能就是jenkins的工作原理。
- 将jenkins实例configuration为在密钥库上使用私钥keystore cloudbees文档
- 将$ JENKINS_HOME / secrets / jfrog / certs / jfrog.proxy.crt复制到/etc/docker/certs.d/:/ca.crt
- 重启Docker
- 重新开始jenkins
-
testing代理通过命令行,而尾随jenkins日志 – 通过
docker rmi artifactory:5000/hello-world:latest docker pull artifactory:5000/hello-world:latest
这应该使用/etc/systemd/system/docker.service.d/http-proxy.conf
HTTP_PROXY,然后转到jenkins代理,然后去实际artifactory主机。 应该在商店中find所需的密钥,所以ssl握手会很好,并使用v2 api。 如果没有,你会在jenkins.log中看到错误
-
通过shell在节点上testinghelloworld
node("docker-experiments") { withCredentials([usernamePassword( credentialsId: 'artifactory.jenkins.user', passwordVariable: 'ARTIFACTORY_PASSWORD', usernameVariable: 'ARTIFACTORY_USER')]) { sh "uname -a " def registry="artifactory:5000" def tag="${registry}/hello-world:${BUILD_NUMBER}-shelltest" stage('login') { sh "docker login ${registry} -u ${ARTIFACTORY_USER} -p ${ARTIFACTORY_PASSWORD}" } stage('pull and tag') { sh "docker pull hello-world" sh "docker tag hello-world:latest ${tag}" } stage('push') { sh "docker push ${tag}" } } }
-
通过artifactory插件在节点上testinghelloworld
node("docker-experiments") { withCredentials([usernamePassword( credentialsId: 'artifactory.jenkins.user', passwordVariable: 'ARTIFACTORY_PASSWORD', usernameVariable: 'ARTIFACTORY_USER')]) { def server = Artifactory.server "artifactory01" def artDocker = Artifactory.docker(username: ARTIFACTORY_USER, password: ARTIFACTORY_PASSWORD) def registry="artifactory:5000" def tag="${registry}/hello-world:${BUILD_NUMBER}-artifactoryTest" def dockerInfo stage('pull and tag') { sh "docker tag hello-world:latest ${tag}" } stage('push') { dockerInfo = artDocker.push "${tag}", "docker-local" } stage('publish') { server.publishBuildInfo(dockerInfo) } } }