Unable to connect to SonarCloud

Hello,

I’m having problems with performing SonarQube analysis on Jenkins and I can’t figure out how to fix it.
When the workflow reaches the SonarQube analysis step, it just hangs indefinitely until it hits the timeout.

Setup:
I’m hosting my Jenkins server on an EC2 t2 micro instance; the cloud agents are set up as 2 Lambda functions.

Additional notes:

  • I’m not using a reverse proxy
  • security groups of the instance allow HTTPS and HTTP traffic
  • the agents run Java 11 and are able to perform any non-sonarqube type of jobs
  • I have enabled Inbound TCP Agent Protocol/4 (TLS encryption)
  • I have enabled 50000 TCP port for inbound agents (required for the Lambda connections)

Observations:

  • when I attempt to ping the SonarCloud domain from the agent, I don’t receive any response (possible network issue?)
  • Jenkins system logs are not showing any errors

Console log:

process apparently never started in /tmp/workspace/multi_feat_django-app-controller@tmp/durable-013b3b48
(running Jenkins temporarily with -Dorg.jenkinsci.plugins.durabletask.BourneShellScript.LAUNCH_DIAGNOSTICS=true might make the problem clearer)
[Pipeline] }
[Pipeline] // script
[Pipeline] }
[Pipeline] // withEnv
[Pipeline] }
[Pipeline] // withEnv
[Pipeline] }
[Pipeline] // node
[Pipeline] }
[Pipeline] // stage
[Pipeline] stage
[Pipeline] { (Quality Gate)
Stage "Quality Gate" skipped due to earlier failure(s)
[Pipeline] getContext
[Pipeline] }
[Pipeline] // stage
[Pipeline] }
[Pipeline] // withEnv
[Pipeline] }
[Pipeline] // node
[Pipeline] End of Pipeline
ERROR: script returned exit code -2

GitHub has been notified of this commit’s build result

Finished: FAILURE

Jenkins declaration:

pipeline {
  agent any
  options {
    disableConcurrentBuilds()
  }
  stages {
    stage('Git checkout') {
      agent { label 'lambda-java' }
      steps {
        git branch: env.BRANCH_NAME, url: 'https://github.com/IliyanKostov9/portfolio.git'
      }
    }
    stage("SonarQube analysis") {
      agent { label 'lambda-java' }
      environment {
        scannerHome = tool 'SonarTool'
      }
      steps {
        script {
          withSonarQubeEnv(installationName: 'SonarCloud', credentialsId: '8049a509-1e79-4369-8240-2f413248d607') {
            sh "${scannerHome}/bin/sonar-scanner"
          }
        }
      }
    }
    stage("Quality Gate") {
      agent { label 'lambda-java' }
      steps {
        timeout(time: 1, unit: 'HOURS') {
          waitForQualityGate abortPipeline: true, credentialsId: 'Sonar-token'
        }
      }
    }
  }
}

Any help would be much appreciated!

We gave up on the Sonar plugin as it was not working as intended, including crashing the pipelines IIRC. Instead we just embed Sonar Scanner into our CI container and call it as a regular process.

This has worked well for us for the past 5 years. The ‘downside’ is that we need to pass the sonar token explicitly to the step, but we are going to address that by writing a custom step that will get the creds and call the scanner in one line.

Note that for SonarCloud the Scanner does require JRE 17, even if you are scanning Java 11 code:

The scanner can be downloaded, with a compatible JRE here:

To test the network connectivity between your EC2 instance and SonarCloud, I would not use ping, as ping is disabled on a lot of servers nowadays.

Try this:

curl https://sonarcloud.io/api/webservices/list

This should dump a big JSON document defining the SonarCloud API. If you can retrieve it with curl or wget then you know your EC2 instance is capable of communicating with the SonarCloud API.

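The curl test suggested above can be run as a preflight step on the agent, so the build fails fast with the failing network layer named instead of hanging until the timeout. This is an added example, not code from either poster; the function names and the `RUN_PREFLIGHT` variable are assumptions, and the exit codes are curl's documented ones.

```shell
#!/bin/sh
# Added example: preflight check to run on the build agent before sonar-scanner.
# The URL is the one from the reply above; function names are hypothetical.
SONAR_URL="https://sonarcloud.io/api/webservices/list"

# Map a curl exit code to the network layer that failed.
classify_curl_exit() {
  case "$1" in
    0)  echo "ok" ;;
    5)  echo "proxy-dns" ;;      # could not resolve the configured proxy
    6)  echo "dns" ;;            # could not resolve the host
    7)  echo "tcp-connect" ;;    # connection refused or blocked
    28) echo "timeout" ;;        # --connect-timeout or --max-time hit
    35) echo "tls-handshake" ;;  # TLS connect error
    60) echo "tls-cert" ;;       # certificate could not be verified
    *)  echo "other" ;;
  esac
}

# Decide pass/fail from curl's exit code and the HTTP status it reported.
verdict() {
  layer=$(classify_curl_exit "$1")
  if [ "$layer" != "ok" ]; then
    echo "FAIL:$layer"
  elif [ "$2" -ge 200 ] && [ "$2" -lt 300 ]; then
    echo "PASS"
  else
    echo "FAIL:http-$2"
  fi
}

# Run the request with hard timeouts so the stage cannot hang indefinitely.
preflight() {
  status=$(curl --silent --show-error --output /dev/null \
      --connect-timeout 10 --max-time 30 \
      --write-out '%{http_code}' "$1")
  rc=$?
  verdict "$rc" "$status"
}

# Only touch the network when asked to: RUN_PREFLIGHT=1 sh preflight.sh
if [ "${RUN_PREFLIGHT:-0}" = "1" ]; then
  result=$(preflight "$SONAR_URL")
  echo "$result"
  [ "$result" = "PASS" ] || exit 1
fi
```

A `FAIL:dns` or `FAIL:tcp-connect` result points at the agent's network path (VPC, security group, NAT), while `FAIL:tls-cert` points at the agent's trust store or a TLS-intercepting proxy.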

Hello,

thanks for your detailed response!

But isn’t the global tool for sonarqube essentially the sonar-scanner?
Theoretically it shouldn’t behave much differently than the container one, only if there are some missing dependencies on the agent side that the sonar-scanner requires - but still I think it should throw an appropriate error if that was the case.

Yep, I can confirm that: running sonar scanner on jdk11 will then try to find jdk17.
Funny thing is that the furthest I’ve gone with this issue is with version 11 (e.g. it is actually recognizing that there is java installed), but with 17 or higher it’s stuck.

I have also tried by installing it via the global tool configuration (non-maven), but no luck :(.

Yes, that’s right, that was a noobie mistake on my part. I’m always forgetting to enable ICMP for this purpose…

I tried that and I don’t think the agents (Lambdas) were able to do so, probably because of not enabling HTTPS for Inbound TCP Agent Protocol/port.

Anyhow I decided that my t2 instance was too under-powered for performing daily CI tasks, so I have removed it.

Thanks @sodul for the help!