gpt4 book ai didi

docker - Artifactory 插件代理导致/v1/_ping : Bad Gateway

转载 作者:行者123 更新时间:2023-12-02 19:35:02 29 4
gpt4 key购买 nike

为什么我会收到 /v1/_ping: Bad Gateway当我按照使用 artifactory plugin with docker 的说明进行操作时出错?

  • jenkins 2.60.3 与 Artifactory 插件 2.12.2
  • Enable Build-Info proxy for Docker images在端口 9999
  • Jenkins /var/lib/jenkins/secrets/jfrog/certs/jfrog.proxy.crt添加到 jenkins master 和 slave 上的 $JAVA_HOME/jre/lib/security/cacerts
  • jfrog nginx 自签名证书添加到 jenkins master 和 slave 上的 $JAVA_HOME/jre/lib/security/cacerts
  • 访问 jenkins:9999 在主机之间开放
  • /etc/systemd/system/docker.service.d/http-proxy.conf包含以下内容,与测试没有区别

    [服务]
    环境="HTTP_PROXY= http://jenkins:9999/"

    [服务]
    环境="HTTPS_PROXY= https://jenkins:9999/ "
  • 本地 docker 测试 ( docker login 127.0.0.1:9999 ) 结果为
  • Error response from daemon: Login: Bad Request to URI: /v1/users/ (Code: 400; Headers: map[Content-Length:[30] Content-Type:[text/html; chars...
  • Jenkins 测试结果在 com.github.dockerjava.api.exception.BadRequestException: Bad Request to URI: /images/artifactory:<port>/hello-world:latest/json

  • Jenkins 日志中的错误
    SEVERE: (DISCONNECTED) [id: ..., L:0.0.0.0/0.0.0.0:... ! R:artifactory/...:5000]: 
    Caught an exception on ProxyToServerConnection
    io.netty.handler.codec.DecoderException:
    javax.net.ssl.SSLHandshakeException: General SSLEngine problem
    ...
    Caused by: sun.security.validator.ValidatorException: PKIX path building
    failed: sun.security.provider.certpath.SunCertPathBuilderException:
    unable to find valid certification path to requested target

    我的虚拟仓库,当我不使用 jenkins 代理时,它的远程和本地工作,但根据插件文档,我需要 jenkins 代理来获取 CI/CD 推广所需的构建信息。

    最佳答案

    如果 jenkins 不使用该证书文件,则将证书添加到 cacerts 的效果会稍差一些。我不确定向商店添加证书是否需要在 jenkins 中重新启动,但它似乎是 tomcat 的情况,所以这可能就是 jenkins 的工作方式。

  • 配置 jenkins 实例以使用私有(private) keystore cloudbees doc on keystore
  • 将 $JENKINS_HOME/secrets/jfrog/certs/jfrog.proxy.crt 复制到/etc/docker/certs.d/:/ca.crt
  • 重启 docker
  • 重启jenkins
  • 在跟踪 Jenkins 日志时通过命令行测试代理 - PASS
    docker rmi artifactory:5000/hello-world:latest
    docker pull artifactory:5000/hello-world:latest

  • 这应该使用 /etc/systemd/system/docker.service.d/http-proxy.conf HTTP_PROXY 并在转到实际的 Artifactory 主机时转到 jenkins 代理。所需的 key 应在商店中找到,因此 ssl 握手会很好并且使用 v2 api。如果没有,您将在 jenkins.log 中看到错误
  • 通过 shell 在节点上测试 helloworld
    node("docker-experiments") {
    withCredentials([usernamePassword(
    credentialsId: 'artifactory.jenkins.user',
    passwordVariable: 'ARTIFACTORY_PASSWORD',
    usernameVariable: 'ARTIFACTORY_USER')]) {

    sh "uname -a "
    def registry="artifactory:5000"
    def tag="${registry}/hello-world:${BUILD_NUMBER}-shelltest"
    stage('login') {
    sh "docker login ${registry} -u ${ARTIFACTORY_USER} -p ${ARTIFACTORY_PASSWORD}"
    }
    stage('pull and tag') {
    sh "docker pull hello-world"
    sh "docker tag hello-world:latest ${tag}"
    }
    stage('push') {
    sh "docker push ${tag}"
    }
    }
    }
  • 通过 artifactory 插件在节点上测试 helloworld
    node("docker-experiments") {
    withCredentials([usernamePassword(
    credentialsId: 'artifactory.jenkins.user',
    passwordVariable: 'ARTIFACTORY_PASSWORD',
    usernameVariable: 'ARTIFACTORY_USER')]) {

    def server = Artifactory.server "artifactory01"
    def artDocker = Artifactory.docker(username: ARTIFACTORY_USER,
    password: ARTIFACTORY_PASSWORD)

    def registry="artifactory:5000"
    def tag="${registry}/hello-world:${BUILD_NUMBER}-artifactoryTest"
    def dockerInfo

    stage('pull and tag') {
    sh "docker tag hello-world:latest ${tag}"
    }

    stage('push') {
    dockerInfo = artDocker.push "${tag}", "docker-local"
    }
    stage('publish') {
    server.publishBuildInfo(dockerInfo)
    }
    }
    }
  • 关于docker - Artifactory 插件代理导致/v1/_ping : Bad Gateway,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/46413703/

    29 4 0
    Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
    广告合作:1813099741@qq.com 6ren.com