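This is an account of a Jenkins malfunction caused by a Nexus certificate being imported incorrectly.
Recently, a colleague changed the host name of the Nexus server, and as a result none of the jobs in Jenkins could run any more. Although the job configurations had all been updated to point to the new Nexus address, Jenkins always reported a Peer not authenticated error when a job uploaded the compiled artifact to the Nexus server. The Jenkins master/slave access Nexus over SSL.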
...
Waiting for Jenkins to finish collecting data
[JENKINS] Archiving D:\workspace\workspace\mmmmmmm parent\pom.xml to com.mmmmmmm/parent/2.1.0.2-SNAPSHOT/parent-2.1.0.2-SNAPSHOT.pom
channel stopped
Maven RedeployPublisher use remote slave001 maven settings from : d:\apache-maven-3.3.9\conf\settings.xml
[INFO] Deployment in https://nnnnnnn.mmmmmmm.local:10000/nexus/content/repositories/mmmmmmm-next-snapshots/ (id=snapshots,uniqueVersion=true)
Deploying the main artifact parent-2.1.0.2-SNAPSHOT.pom
Downloading: https://nnnnnnn.mmmmmmm.local:10000/nexus/content/repositories/mmmmmmm-next-snapshots/de/mmmmmmm/parent/2.1.0.2-SNAPSHOT/maven-metadata.xml
ERROR: Failed to retrieve remote metadata com.mmmmmmm:parent:2.1.0.2-SNAPSHOT/maven-metadata.xml: Could not transfer metadata com.mmmmmmm:parent:2.1.0.2-SNAPSHOT/maven-metadata.xml from/to snapshots (https://nnnnnnn.mmmmmmm.local:10000/nexus/content/repositories/mmmmmmm-next-snapshots/): peer not authenticated
org.apache.maven.artifact.deployer.ArtifactDeploymentException: Failed to retrieve remote metadata com.mmmmmmm:parent:2.1.0.2-SNAPSHOT/maven-metadata.xml: Could not transfer metadata com.mmmmmmm:parent:2.1.0.2-SNAPSHOT/maven-metadata.xml from/to snapshots (https://nnnnnnn.mmmmmmm.local:10000/nexus/content/repositories/mmmmmmm-next-snapshots/): peer not authenticated
at org.apache.maven.artifact.deployer.DefaultArtifactDeployer.deploy(DefaultArtifactDeployer.java:143)
at hudson.maven.reporters.MavenArtifactRecord.deploy(MavenArtifactRecord.java:193)
at hudson.maven.RedeployPublisher.perform(RedeployPublisher.java:176)
at hudson.tasks.BuildStepMonitor$1.perform(BuildStepMonitor.java:20)
at hudson.model.AbstractBuild$AbstractBuildExecution.perform(AbstractBuild.java:782)
at hudson.model.AbstractBuild$AbstractBuildExecution.performAllBuildSteps(AbstractBuild.java:723)
at hudson.maven.MavenModuleSetBuild$MavenModuleSetBuildExecution.post2(MavenModuleSetBuild.java:1037)
at hudson.model.AbstractBuild$AbstractBuildExecution.post(AbstractBuild.java:668)
at hudson.model.Run.execute(Run.java:1763)
at hudson.maven.MavenModuleSetBuild.run(MavenModuleSetBuild.java:529)
at hudson.model.ResourceController.execute(ResourceController.java:98)
at hudson.model.Executor.run(Executor.java:410)
Caused by: org.eclipse.aether.deployment.DeploymentException: Failed to retrieve remote metadata com.mmmmmmm:parent:2.1.0.2-SNAPSHOT/maven-metadata.xml: Could not transfer metadata com.mmmmmmm:parent:2.1.0.2-SNAPSHOT/maven-metadata.xml from/to snapshots (https://nnnnnnn.mmmmmmm.local:10000/nexus/content/repositories/mmmmmmm-next-snapshots/): peer not authenticated
at org.eclipse.aether.internal.impl.DefaultDeployer.upload(DefaultDeployer.java:470)
at org.eclipse.aether.internal.impl.DefaultDeployer.deploy(DefaultDeployer.java:314)
at org.eclipse.aether.internal.impl.DefaultDeployer.deploy(DefaultDeployer.java:269)
at org.eclipse.aether.internal.impl.DefaultRepositorySystem.deploy(DefaultRepositorySystem.java:413)
at org.apache.maven.artifact.deployer.DefaultArtifactDeployer.deploy(DefaultArtifactDeployer.java:139)
... 11 more
Caused by: org.eclipse.aether.transfer.MetadataTransferException: Could not transfer metadata com.mmmmmmm:parent:2.1.0.2-SNAPSHOT/maven-metadata.xml from/to snapshots (https://nnnnnnn.mmmmmmm.local:10000/nexus/content/repositories/mmmmmmm-next-snapshots/): peer not authenticated
at org.eclipse.aether.connector.wagon.WagonRepositoryConnector$5.wrap(WagonRepositoryConnector.java:995)
at org.eclipse.aether.connector.wagon.WagonRepositoryConnector$5.wrap(WagonRepositoryConnector.java:983)
at org.eclipse.aether.connector.wagon.WagonRepositoryConnector$GetTask.run(WagonRepositoryConnector.java:725)
at org.eclipse.aether.util.concurrency.RunnableErrorForwarder$1.run(RunnableErrorForwarder.java:67)
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Caused by: org.apache.maven.wagon.TransferFailedException: peer not authenticated
at org.apache.maven.wagon.shared.http4.AbstractHttpClientWagon.fillInputData(AbstractHttpClientWagon.java:892)
at org.apache.maven.wagon.StreamWagon.getInputStream(StreamWagon.java:116)
at org.apache.maven.wagon.StreamWagon.getIfNewer(StreamWagon.java:88)
at org.apache.maven.wagon.StreamWagon.get(StreamWagon.java:61)
at org.eclipse.aether.connector.wagon.WagonRepositoryConnector$GetTask.run(WagonRepositoryConnector.java:660)
... 4 more
Caused by: javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
at sun.security.ssl.SSLSessionImpl.getPeerCertificates(Unknown Source)
at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:126)
at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:437)
at org.apache.maven.wagon.shared.http4.ConfigurableSSLSocketFactoryDecorator.connectSocket(ConfigurableSSLSocketFactoryDecorator.java:64)
at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:180)
at org.apache.http.impl.conn.ManagedClientConnectionImpl.open(ManagedClientConnectionImpl.java:294)
at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:643)
at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:479)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:906)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:805)
at org.apache.maven.wagon.shared.http4.AbstractHttpClientWagon.execute(AbstractHttpClientWagon.java:746)
at org.apache.maven.wagon.shared.http4.AbstractHttpClientWagon.fillInputData(AbstractHttpClientWagon.java:886)
... 8 more
[INFO] Deployment failed after 0.48 sec
Build step 'Deploy artifacts to Maven repository' changed build result to FAILURE
Finished: FAILURE
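Initial analysis. Before the Nexus host name was changed, the Jenkins master/slave could always access Nexus and all jobs worked normally. The error is Peer not authenticated, which indicates a problem with the SSL connection between Jenkins and Nexus. Since it is an SSL connection and Nexus had just changed its host name, the initial suspicion was that the certificate was the problem.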
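The new certificate had already been created by a colleague, so I only needed to export the certificate (cert) from the Nexus keystore and import it into the cacerts of the JDK on the Jenkins master and slave. I then used the Portecle tool to import the cert into the JDK cacerts file on the Jenkins master machine and into the JDK cacerts file on the slave. I restarted Jenkins and the slave and tried running a job. The problem persisted.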
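After consulting documentation and comparing carefully, I found that Jenkins ships with its own JRE and does not use the standard installed JDK. Importing the new Nexus certificate into the standard JDK's cacerts file is therefore useless as far as Jenkins is concerned. The JRE that Jenkins uses is located here: C:\medavis\service\Jenkins\jre. The new Nexus certificate should be imported into this JRE's cacerts file. I imported the certificate right away, restarted the Jenkins master, then ran a job and confirmed that the problem was solved.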
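One way to avoid importing into the wrong truststore is to ask the running Jenkins processes which java.exe they use and check the cacerts file that belongs to it. The script below is an added example, not part of the original post; the certificate path, the alias, and the command-line pattern used to recognise Jenkins processes are assumptions.

```powershell
# Added example. $certFile and $alias are placeholders, not values from the post.
$certFile  = 'C:\temp\nexus.cer'   # certificate exported from the Nexus keystore (placeholder path)
$alias     = 'nexus'               # hypothetical alias for the truststore entry
$storePass = 'changeit'            # default password of a JDK/JRE cacerts file
$import    = $false                # set to $true to import where the alias is missing

# Find every java.exe that a Jenkins master or agent process is actually running.
# Assumption: the command line mentions jenkins, slave.jar or agent.jar.
$exes = Get-CimInstance Win32_Process -Filter "Name = 'java.exe'" |
    Where-Object { $_.CommandLine -match 'jenkins|slave\.jar|agent\.jar' } |
    Select-Object -ExpandProperty ExecutablePath -Unique

foreach ($exe in $exes) {
    $bin      = Split-Path $exe
    $javaHome = Split-Path $bin

    # A JRE (and JDK 9+) keeps cacerts in lib\security; a JDK 8 keeps it in jre\lib\security.
    $cacerts = @("$javaHome\lib\security\cacerts", "$javaHome\jre\lib\security\cacerts") |
        Where-Object { Test-Path $_ } | Select-Object -First 1
    if (-not $cacerts) { Write-Warning "No cacerts found under $javaHome"; continue }

    # Prefer the keytool shipped with this runtime; fall back to the one on PATH.
    $keytool = Join-Path $bin 'keytool.exe'
    if (-not (Test-Path $keytool)) { $keytool = 'keytool' }

    # keytool exits non-zero when the alias does not exist in the keystore.
    & $keytool -list -keystore $cacerts -storepass $storePass -alias $alias 2>&1 | Out-Null
    $present = ($LASTEXITCODE -eq 0)
    "{0}  alias '{1}' present: {2}" -f $cacerts, $alias, $present

    if (-not $present -and $import) {
        & $keytool -importcert -noprompt -trustcacerts -alias $alias `
            -file $certFile -keystore $cacerts -storepass $storePass
    }
}
```

The check is by alias only, so an older certificate stored under the same alias also counts as present. A process started with -Djavax.net.ssl.trustStore uses that file instead of cacerts.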