Я довольно долго борюсь со странной проблемой.
Наша установка следующая:
У нас есть корпоративный прокси, который поддерживает basi c, ntlm и kerberos / согласовать аутентификацию (cc для скручивания вывода и оператора прокси). Этот прокси-сервер настроен в настройках GIT для http и https на подчиненном Linux. Кроме того, для метода git proxy auth установлено значение «basi c».
http.proxy=http://:@corpproxy.com:8080
http.proxyauthmethod=basic
https.proxy=https://:@corpproxy.com:8080
credential.helper=cache
Для этого прокси-сервера обычно требуются учетные данные для аутентификации, но как-то он работает без (пока мы не столкнемся с проблемой 407 *). ошибка).
На мастере Jenkins настроен другой прокси-сервер (для установки плагина), который поддерживает только базовую c аутентификацию.
Учетные данные, используемые для доступа к репо git, отличается от требуемых учетных данных для доступа proxy / inte rnet.
В настоящее время происходит то, что сборка выполняется нормально в большинстве случаев, но иногда мы получаем ошибку «InvalidFileDescriptor». Затем я включил параметры трассировки git, чтобы получить больше выходных данных на консоли.
Я знаю, что с помощью выделенного прокси-сервера CNTLM это может решить проблему, скорее всего, но прежде чем сделать это как последний вариант, я просто хотел бы понять, почему мы только время от времени получаем ошибку 407.
Вот журнал такой неудачной сборки:
Started by timer
> /usr/bin/git rev-parse --is-inside-work-tree # timeout=10
Setting origin to https://....
> /usr/bin/git config remote.origin.url https://... # timeout=10
Fetching origin...
Fetching upstream changes from origin
> /usr/bin/git --version # timeout=10
> /usr/bin/git config --get remote.origin.url # timeout=10
using GIT_ASKPASS to set credentials [git access credentials]
Setting http proxy: [Jenkins Master Configured Proxy]
> /usr/bin/git fetch --tags --progress -- origin +refs/heads/*:refs/remotes/origin/* # timeout=10
Seen branch in repository origin/every_10_minutes
Seen branch in repository origin/every_10_minutes_linux_slave_old
Seen branch in repository origin/every_1_minute
Seen branch in repository origin/every_5_minutes
Seen branch in repository origin/manual_trigger
Seen branch in repository origin/master
Seen 6 remote branches
Obtained ... from ...
Running in Durability level: MAX_SURVIVABILITY
[Pipeline] Start of Pipeline
[Pipeline] node
Running on [jenkins slave] in /var/jenkins/workspace/...
[Pipeline] {
[Pipeline] stage
[Pipeline] { (Declarative: Checkout SCM)
[Pipeline] checkout
using credential ...
Fetching changes from the remote Git repository
ERROR: Error fetching remote repo 'origin'
hudson.plugins.git.GitException: Failed to fetch from https://...
at hudson.plugins.git.GitSCM.fetchFrom(GitSCM.java:899)
at hudson.plugins.git.GitSCM.retrieveChanges(GitSCM.java:1114)
at hudson.plugins.git.GitSCM.checkout(GitSCM.java:1145)
at org.jenkinsci.plugins.workflow.steps.scm.SCMStep.checkout(SCMStep.java:124)
at org.jenkinsci.plugins.workflow.steps.scm.SCMStep$StepExecutionImpl.run(SCMStep.java:93)
at org.jenkinsci.plugins.workflow.steps.scm.SCMStep$StepExecutionImpl.run(SCMStep.java:80)
at org.jenkinsci.plugins.workflow.steps.SynchronousNonBlockingStepExecution.lambda$start$0(SynchronousNonBlockingStepExecution.java:47)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)
Caused by: hudson.plugins.git.GitException: Command "/usr/bin/git fetch --tags --progress https://...
+refs/heads/*:refs/remotes/origin/*" returned status code 128:
stdout:
stderr: trace: built-in: git 'fetch' '--tags' '--progress' 'https://....' '+refs/heads/*:refs/remotes/origin/*'
trace: run_command: 'git-remote-https' 'https://....' 'https://....'
* Couldn't find host gitserverhost.com in the .netrc file; using defaults
* About to connect() to proxy [corp proxy host] port 8080 (#0)
* Trying [corp proxy ip]...
* Connected to [corp proxy host] ([corp proxy ip]) port 8080 (#0)
* Establish HTTP proxy tunnel to gitserverhost.com:443
> CONNECT gitserverhost.com:443 HTTP/1.1
Host: gitserverhost.com:443
User-Agent: git/1.8.3.1
Proxy-Connection: Keep-Alive
Pragma: no-cache
< HTTP/1.1 407 Proxy Authentication Required
< Proxy-Authenticate: NEGOTIATE
< Proxy-Authenticate: NTLM
< Proxy-Authenticate: BASIC realm="COMPANY_BCAAA"
< Cache-Control: no-cache
< Pragma: no-cache
< Content-Type: text/html; charset=utf-8
< Proxy-Connection: close
< Connection: close
< Content-Length: 7400
<
* Ignore 7400 bytes of response-body
* Connect me again please
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
* NSS error -5999 (PR_BAD_DESCRIPTOR_ERROR)
* Invalid file descriptor
* Couldn't find host gitserverhost.com in the .netrc file; using defaults
* Found bundle for host gitserverhost.com: 0x72f880
* About to connect() to proxy [corp proxy host] port 8080 (#1)
* Trying [corp proxy ip]...
* Connected to [corp proxy host] ([corp proxy ip]) port 8080 (#1)
* Establish HTTP proxy tunnel to gitserverhost.com:443
> CONNECT gitserverhost.com:443 HTTP/1.1
Host: gitserverhost.com:443
User-Agent: git/1.8.3.1
Proxy-Connection: Keep-Alive
Pragma: no-cache
< HTTP/1.1 407 Proxy Authentication Required
< Proxy-Authenticate: NEGOTIATE
* gss_init_sec_context() failed: : Ticket expired
< Proxy-Authenticate: NTLM
< Proxy-Authenticate: BASIC realm="COMPANY_BCAAA"
< Cache-Control: no-cache
< Pragma: no-cache
< Content-Type: text/html; charset=utf-8
< Proxy-Connection: close
< Connection: close
< Content-Length: 7400
<
* Received HTTP code 407 from proxy after CONNECT
* Connection #1 to host [corp proxy host] left intact
fatal: unable to access 'https://..../': Invalid file descriptor
at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.launchCommandIn(CliGitAPIImpl.java:2372)
at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.launchCommandWithCredentials(CliGitAPIImpl.java:1985)
at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.access$500(CliGitAPIImpl.java:80)
at org.jenkinsci.plugins.gitclient.CliGitAPIImpl$1.execute(CliGitAPIImpl.java:563)
at org.jenkinsci.plugins.gitclient.RemoteGitImpl$CommandInvocationHandler$GitCommandMasterToSlaveCallable.call(RemoteGitImpl.java:161)
at org.jenkinsci.plugins.gitclient.RemoteGitImpl$CommandInvocationHandler$GitCommandMasterToSlaveCallable.call(RemoteGitImpl.java:154)
at hudson.remoting.UserRequest.perform(UserRequest.java:212)
at hudson.remoting.UserRequest.perform(UserRequest.java:54)
at hudson.remoting.Request$2.run(Request.java:369)
at hudson.remoting.InterceptingExecutorService$1.call(InterceptingExecutorService.java:72)
at java.util.concurrent.FutureTask.run(FutureTask.java:277)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1160)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
at hudson.remoting.Engine$1.lambda$newThread$0(Engine.java:93)
at hudson.remoting.Engine$1$$Lambda$3/00000000C00063D0.run(Unknown Source)
at java.lang.Thread.run(Thread.java:820)
Suppressed: hudson.remoting.Channel$CallSiteStackTrace: Remote call to JNLP4-connect connection from 10.255.0.4/10.255.0.4:55586
at hudson.remoting.Channel.attachCallSiteStackTrace(Channel.java:1743)
at hudson.remoting.UserRequest$ExceptionResponse.retrieve(UserRequest.java:357)
at hudson.remoting.Channel.call(Channel.java:957)
at org.jenkinsci.plugins.gitclient.RemoteGitImpl$CommandInvocationHandler.execute(RemoteGitImpl.java:146)
at sun.reflect.GeneratedMethodAccessor233.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.jenkinsci.plugins.gitclient.RemoteGitImpl$CommandInvocationHandler.invoke(RemoteGitImpl.java:132)
at com.sun.proxy.$Proxy90.execute(Unknown Source)
at hudson.plugins.git.GitSCM.fetchFrom(GitSCM.java:897)
at hudson.plugins.git.GitSCM.retrieveChanges(GitSCM.java:1114)
at hudson.plugins.git.GitSCM.checkout(GitSCM.java:1145)
at org.jenkinsci.plugins.workflow.steps.scm.SCMStep.checkout(SCMStep.java:124)
at org.jenkinsci.plugins.workflow.steps.scm.SCMStep$StepExecutionImpl.run(SCMStep.java:93)
at org.jenkinsci.plugins.workflow.steps.scm.SCMStep$StepExecutionImpl.run(SCMStep.java:80)
at org.jenkinsci.plugins.workflow.steps.SynchronousNonBlockingStepExecution.lambda$start$0(SynchronousNonBlockingStepExecution.java:47)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)
[Pipeline] }
[Pipeline] // stage
[Pipeline] }
[Pipeline] // node
> /usr/bin/git rev-parse --is-inside-work-tree # timeout=10
> /usr/bin/git config remote.origin.url https://.... # timeout=10
Fetching upstream changes from https://....
> /usr/bin/git --version # timeout=10
using GIT_ASKPASS to set credentials [git access credentials]
Setting http proxy: [Jenkins Master Configured Proxy]
> /usr/bin/git fetch --tags --progress https://.... +refs/heads/*:refs/remotes/origin/* # timeout=10
[Pipeline] End of Pipeline
ERROR: Error fetching remote repo 'origin'
Finished: FAILURE