Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[BUG]: --sslskipcertvalidation not working with service #4465

Closed
1 of 4 tasks
gaui opened this issue Oct 10, 2023 · 1 comment
Closed
1 of 4 tasks

[BUG]: --sslskipcertvalidation not working with service #4465

gaui opened this issue Oct 10, 2023 · 1 comment
Labels
Area: Agent bug

Comments

@gaui
Copy link

gaui commented Oct 10, 2023

What happened?

I have a self-hosted SonarQube instance running with a self-hosted Azure DevOps agent.

When I run:

./config.sh --unattended \
  --agent "${AZP_AGENT_NAME:-$(hostname)}" \
  --url "$AZP_URL" \
  --auth PAT \
  --token $(cat "$AZP_TOKEN_FILE") \
  --pool "${AZP_POOL:-Default}" \
  --work "${AZP_WORK:-_work}" \
  --replace \
  --acceptTeeEula \
  --sslskipcertvalidation & wait $!

It configures the agent.

Case nr. 1: I run the systemd service with sudo ./svc.sh start

When I run the pipeline and the SonarQubePrepare task (which uses a service connection pointing to our self-hosted instance, I get:

##[debug]Agent.SkipCertValidation=True
##[error][SQ] API GET '/api/server/version' failed, error was: {"code":"SELF_SIGNED_CERT_IN_CHAIN"}

On the agent VM itself, I run:

$ curl https://sonarqube-test.domain.tld/api/server/version
9.9.0.65466

$ node test.js
9.9.0.65466

Which tells me that the certificate CA is in both the Linux certificate store and in the Node.js certificate store.

Case nr. 2: I run the agent in the foreground with ./run.sh

When I run the pipeline and the SonarQubePrepare task (which uses a service connection pointing to our self-hosted instance, I get:

##[debug]Agent.SkipCertValidation=True
##[debug][SQ] API GET: '/api/server/version' with query "undefined"
##[debug]Response: 200 Body: "9.9.0.65466"

Versions

Azure DevOps version 3.227.1 / Ubuntu 20.04

Environment type (Please select at least one enviroment where you face this issue)

  • Self-Hosted
  • Microsoft Hosted
  • VMSS Pool
  • Container

Azure DevOps Server type

dev.azure.com (formerly visualstudio.com)

Azure DevOps Server Version (if applicable)

No response

Operation system

No response

Version controll system

No response

Relevant log output

##[debug]System.TeamFoundationCollectionUri=https://dev.azure.com/innovamps/
##[debug]System.PullRequest.PullRequestId=undefined
##[debug]Build.Repository.Provider=TfsGit
##[debug]Build.SourceBranch=refs/heads/master
##[debug]SYSTEMVSSCONNECTION exists true
##[debug]Build.Repository.Name=cli
##[debug]System.TeamProject=DevOps
##[debug]Default branch of this repository is 'refs/heads/master'
##[debug]SonarCloud or SonarQube version >= 7.2.0 detected, setting report-task.txt file to its newest location.
##[debug]Agent.TempDirectory=/azp/agent/_work/_temp
##[debug]Build.BuildId=328210
##[debug][SQ] Branch and PR parameters: {"sonar.scanner.metadataFilePath":"/azp/agent/_work/_temp/sonar/328210/e25d2ab5-1eca-1aaf-1c10-23c889e7e67d/report-task.txt"}
##[debug]extraProperties=# Additional properties that will be passed to the scanner, 
# Put one key=value per line, example:
# sonar.exclusions=**/*.bin
##[debug]set SONARQUBE_SERVER_VERSION=9.9.0
##[debug]Processed: ##vso[task.setvariable variable=SONARQUBE_SERVER_VERSION;isOutput=false;issecret=false;]9.9.0
##[debug]set SONARQUBE_SCANNER_MODE=CLI
##[debug]Processed: ##vso[task.setvariable variable=SONARQUBE_SCANNER_MODE;isOutput=false;issecret=false;]CLI
##[debug]set SONARQUBE_SCANNER_REPORTTASKFILE=/azp/agent/_work/_temp/sonar/328210/e25d2ab5-1eca-1aaf-1c10-23c889e7e67d/report-task.txt
##[debug]Processed: ##vso[task.setvariable variable=SONARQUBE_SCANNER_REPORTTASKFILE;isOutput=false;issecret=false;]/azp/agent/_work/_temp/sonar/328210/e25d2ab5-1eca-1aaf-1c10-23c889e7e67d/report-task.txt
##[debug]set SONARQUBE_ENDPOINT=********
##[debug]Processed: ##vso[task.setvariable variable=SONARQUBE_ENDPOINT;isOutput=false;issecret=true;]***
##[debug]extraProperties=# Additional properties that will be passed to the scanner, 
# Put one key=value per line, example:
# sonar.exclusions=**/*.bin
##[debug]set SONARQUBE_SCANNER_MODE=CLI
##[debug]Processed: ##vso[task.setvariable variable=SONARQUBE_SCANNER_MODE;isOutput=false;issecret=false;]CLI
##[debug]set SONARQUBE_ENDPOINT=********
##[debug]Processed: ##vso[task.setvariable variable=SONARQUBE_ENDPOINT;isOutput=false;issecret=true;]***
##[debug]set SONARQUBE_SCANNER_PARAMS={"sonar.host.url":"https://sonarqube-test.domain.tld/","sonar.login":***,"project.settings":"/azp/agent/_work/1/s/sonar-project.properties","sonar.scanner.metadataFilePath":"/azp/agent/_work/_temp/sonar/328210/e25d2ab5-1eca-1aaf-1c10-23c889e7e67d/report-task.txt"}
##[debug]Processed: ##vso[task.setvariable variable=SONARQUBE_SCANNER_PARAMS;isOutput=false;issecret=false;]{"sonar.host.url":"https://sonarqube-test.domain.tld/","sonar.login":***,"project.settings":"/azp/agent/_work/1/s/sonar-project.properties","sonar.scanner.metadataFilePath":"/azp/agent/_work/_temp/sonar/328210/e25d2ab5-1eca-1aaf-1c10-23c889e7e67d/report-task.txt"}
Finishing: SonarQubePrepare
@gaui gaui added the bug label Oct 10, 2023
@kirill-ivlev
Copy link
Contributor

Hi @gaui,
Thank you for reporting this issue,
This issue is not related to the agent but to the SonarQube extension as well,
From the technical perspective, tasks owners also should correctly handle proxy/ssl configuration from their tasks.
We cannot affect third-party tasks, you can reach out to this extension owners directly.
Please let me know if you have any additional questions.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Area: Agent bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@gaui @kirill-ivlev