Chr*_* S. 8 ssl artifactory jenkins conan
我的公司对 Conan、Artifactory 和 Jenkins 很陌生,但我们在几个月前设置了一些测试管道脚本,并利用 Jenkins Artifactory 插件将一些 Conan 包发布到我们的 Artifactory 服务器。这些脚本现在因 SSL 认证失败而失败。
我们正在使用以下软件包:
当涉及到 Artifactory 配置时,我们的 pipline 脚本中的“打包和发布”阶段看起来与此类似:
stage('Package and Publish') {
def artifactory_name = "MyCompanyArtifactory"
def artifactory_repo = "conan-local"
def server = Artifactory.server artifactory_name
def client = Artifactory.newConanClient()
def serverName = client.remote.add server: server, repo: artifactory_repo
client.run(command: "export-pkg . ci-user/stable -s os=Linux -s arch=x86_64 -s build_type=Debug")
client.run(command: "export-pkg . ci-user/stable -s os=Linux -s arch=x86_64 -s build_type=Release")
String myCmd = "upload MyLib/* --all -r ${serverName} --confirm"
def bInfo = client.run(command: myCmd)
//server.publishBuildInfo bInfo
}
这段代码曾经可以工作,但我相信当我们的 IT 部门将 Artifactory 切换到 HTTPS 访问时,它就停止工作了。现在,Jenkins 在尝试为我们的存储库设置 Conan 用户时出错:
[Pipeline] // stage
[Pipeline] stage
[Pipeline] { (Package and Publish)
[Pipeline] getArtifactoryServer
[Pipeline] initConanClient
[shared-mylib] $ sh -c 'conan config set log.trace_file=\"/home/builduser/jenkins/workspace/shared-mylib@tmp/conan.tmp261537390058591873/conan_log.log\" '
[Pipeline] conanAddRemote
[shared-mylib] $ sh -c "conan remote add b519966f-f612-4094-b3ea-453a017cf793 https://artifactory.mycompany.com/artifactory/api/conan/conan-local "
WARN: Remotes registry file missing, creating default one in /home/builduser/jenkins/workspace/shared-rtplib@tmp/conan.tmp261537390058591873/.conan/registry.txt
[Pipeline] conanAddUser
Adding conan user 'ci-user', server 'b519966f-f612-4094-b3ea-453a017cf793'
[shared-mylib] $ sh -c ********
ERROR: HTTPSConnectionPool(host='artifactory.mycompany.com', port=443): Max retries exceeded with url: /artifactory/api/conan/conan-local/v1/users/authenticate (Caused by SSLError(SSLError(1, u'[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:726)'),))
此行为不仅限于 Jenkins 访问;当普通用户尝试访问 Artifactory Conan 存储库时也会发生这种情况,但我们可以通过添加远程存储库并将Verify_SSL设置为False(在以下命令末尾)来绕过它:
conan remote add myco-conan-local https://artifactory.mycompany.com/artifactory/api/conan/conan-local False
我相信柯南文档表明我们有两个选择:
conan remote(见上文)不幸的是,当涉及到 Jenkins 管道脚本时,我无法弄清楚如何完成这两种解决方案。所以我的问题是:
client.remote.addJenkins 管道脚本中的命令(或类似的命令)禁用 SSL 验证?对于更简单的短期解决方案,选项#1 可能是首选,但我也想了解选项#2 是如何实现的。
谢谢阅读。
dro*_*dri 10
命令:
$ conan remote add <remote-name> <remote-url> False -f
强制覆盖现有<remote-name>设置 verifyHttps=False
尽管插件 DSL 不包含该参数的接口,但它允许执行任意命令,因此您可以执行以下操作:
node {
def server = Artifactory.server "artifactory"
def client = Artifactory.newConanClient()
def serverName = client.remote.add server: server, repo: "conan-local"
stage("Setremotehttp"){
String command = "remote add ${serverName} http://localhost:8081/artifactory/api/conan/conan-local False -f"
client.run(command: command)
}
stage("Search"){
String command = "search zlib -r=${serverName}"
client.run(command: command)
}
}
需要远程的 URL,这有点重复,但我已经测试过并且它有效,因此可以用作解决方法。
| 归档时间: |
|
| 查看次数: |
11878 次 |
| 最近记录: |