docker -/v1/_ping中的Artifactory插件代理结果:错误的网关

当我按照artifactory plugin with docker的使用说明进行操作时，为什么会出现/v1/_ping: Bad Gateway错误？

带有Artifactory插件2.12.2的

jenkins 2.60.3

9999端口

上的

Enable Build-Info proxy for Docker images

jenkins /var/lib/jenkins/secrets/jfrog/certs/jfrog.proxy.crt已添加到jenkins主和从

的$ JAVA_HOME / jre / lib / security / cacerts中

jfrog nginx自签名证书已添加到jenkins主服务器和从服务器上的$ JAVA_HOME / jre / lib / security / cacerts

访问jenkins:9999在主机之间打开

/etc/systemd/system/docker.service.d/http-proxy.conf包含以下内容，与测试没有区别

[服务]
Environment =“HTTP_PROXY = http://jenkins:9999/”

[服务]
Environment =“HTTPS_PROXY = https://jenkins:9999/”

本地docker测试(docker login 127.0.0.1:9999)结果产生

Error response from daemon: Login: Bad Request to URI: /v1/users/ (Code: 400; Headers: map[Content-Length:[30] Content-Type:[text/html; chars...

Jenkins

com.github.dockerjava.api.exception.BadRequestException: Bad Request to URI: /images/artifactory:<port>/hello-world:latest/json

中的测试结果

Jenkins日志中的错误

SEVERE: (DISCONNECTED) [id: ..., L:0.0.0.0/0.0.0.0:... ! R:artifactory/...:5000]:
Caught an exception on ProxyToServerConnection
io.netty.handler.codec.DecoderException:
javax.net.ssl.SSLHandshakeException: General SSLEngine problem
...
Caused by: sun.security.validator.ValidatorException: PKIX path building
 failed: sun.security.provider.certpath.SunCertPathBuilderException:
 unable to find valid certification path to requested target

当我不使用jenkins代理时，我的虚拟仓库，它的远程和本地工作，但是根据插件文档，我需要jenkins代理来获取我需要进行CI / CD推广的构建信息。

最佳答案

如果jenkins不使用证书文件，则将证书添加到cacert的效果会稍差一些。我不确定向商店添加证书是否需要在jenkins中重新启动，但是tomcat的情况确实如此，因此这可能就是jenkins的工作方式。

配置jenkins实例以使用私有(private)密钥库cloudbees doc on keystore

将$ JENKINS_HOME / secrets / jfrog / certs / jfrog.proxy.crt复制到/etc/docker/certs.d/:/ca.crt

重新启动docker

重新启动 Jenkins

尾随jenkins日志时，通过命令行

测试代理-PASS
docker rmi artifactory:5000/hello-world:latestdocker pull artifactory:5000/hello-world:latest

这应该使用/etc/systemd/system/docker.service.d/http-proxy.conf HTTP_PROXY并在转到实际 Artifact 主机时转到jenkins代理。应该在商店中找到所需的密钥，以便ssl握手很好并且使用v2 api。如果没有，您将在jenkins.log中看到错误

通过shell在节点上测试helloworld

node("docker-experiments") {
withCredentials([usernamePassword(
    credentialsId: 'artifactory.jenkins.user',
    passwordVariable: 'ARTIFACTORY_PASSWORD',
    usernameVariable: 'ARTIFACTORY_USER')]) {

    sh "uname -a "
    def registry="artifactory:5000"
    def tag="${registry}/hello-world:${BUILD_NUMBER}-shelltest"
    stage('login') {
        sh "docker login ${registry} -u ${ARTIFACTORY_USER} -p ${ARTIFACTORY_PASSWORD}"
    }
    stage('pull and tag') {
        sh "docker pull hello-world"
        sh "docker tag hello-world:latest ${tag}"
    }
    stage('push') {
        sh "docker push ${tag}"
    }
}
}

通过人工插件在节点上测试helloworld

node("docker-experiments") {
withCredentials([usernamePassword(
    credentialsId: 'artifactory.jenkins.user',
    passwordVariable: 'ARTIFACTORY_PASSWORD',
    usernameVariable: 'ARTIFACTORY_USER')]) {

    def server = Artifactory.server "artifactory01"
    def artDocker = Artifactory.docker(username: ARTIFACTORY_USER,
                                       password: ARTIFACTORY_PASSWORD)

    def registry="artifactory:5000"
    def tag="${registry}/hello-world:${BUILD_NUMBER}-artifactoryTest"
    def dockerInfo

    stage('pull and tag') {
        sh "docker tag hello-world:latest ${tag}"
    }

    stage('push') {
      dockerInfo = artDocker.push "${tag}", "docker-local"
    }
    stage('publish') {
        server.publishBuildInfo(dockerInfo)
    }
}
}

关于docker -/v1/_ping中的Artifactory插件代理结果:错误的网关，我们在Stack Overflow上找到一个类似的问题：https://stackoverflow.com/questions/46413703/