目录
2.2.2 hudson.model.UpdateCenter.xml
一. 问题
最近升级Jenkins 版本到 2.346.1 后下载插件, 按照网上操作步骤依然不成功; 次哦, 这个插件问题卡壳好久了;
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.ssl.Alerts.getSSLException(Unknown Source)
at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source)
at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)
at sun.security.ssl.Handshaker.processLoop(Unknown Source)
at sun.security.ssl.Handshaker.process_record(Unknown Source)
at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at InstallCert.main(InstallCert.java:110)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(Unknown Source)
at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
at sun.security.validator.Validator.validate(Unknown Source)
at sun.security.ssl.X509TrustManagerImpl.validate(Unknown Source)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
at InstallCert$SavingTrustManager.checkServerTrusted(InstallCert.java:205)
at sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(Unknown Source)
... 9 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
e)
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)
at java.security.cert.CertPathBuilder.build(Unknown Source)
... 17 more
然后某天换个思路,瞎折腾一下,然后就好了,特此记录一下,给有需要的人参考;
二. 步骤
2.1. 清华源
Dashboard -> Manage Jenkins -> Manage Plugins -> Plugin Manager -> 高级
切换为清华源:
- http://mirrors.tuna.tsinghua.edu.cn/jenkins/updates/update-center.json
2.2. Jenkins 配置
2.2.1 config.xml
修改如下配置文件:
# C:\ProgramData\Jenkins\.jenkins\config.xml 修改第 17 行, 切换 Jenkins 工作空间目录
<workspaceDir>F:\Jenkins\workspace\${ITEM_FULL_NAME}</workspaceDir>
2.2.2 hudson.model.UpdateCenter.xml
修改如下配置文件:
C:\ProgramData\Jenkins\.jenkins\hudson.model.UpdateCenter.xml
修改后效果如下:
<?xml version='1.1' encoding='UTF-8'?>
<sites>
<site>
<id>default</id>
<url>http://mirrors.tuna.tsinghua.edu.cn/jenkins/updates/update-center.json</url>
</site>
</sites>
2.2.3 default.json
修改如下配置文件:
C:\ProgramData\Jenkins\.jenkins\updates\default.json
替换如下信息:
1. http://www.google.com -> http://www.baidu.com
2. https://updates.jenkins.io/download -> http://mirrors.tuna.tsinghua.edu.cn/jenkins
2.2.4 JDK ...cacerts
注意: 此处是重点;
打开 JDK 路径,比如我的安装路径如下:
C:\Program Files\Java\jdk1.8.0_31
之前一直以为是不是Jenkins 对JDK 要求版本太高了? 后来想着如果还折腾不成功就放弃,直接升级JDK 算了;
# 重点关注
C:\Program Files\Java\jdk1.8.0_31\jre\lib\security
然后我找了下, Android Studio 下的 cacerts 文件:
C:\Program Files\Android\AndroidStudio2021.2\jre\lib\security
次哦,文件大小不一样,算了直接拿这个文件复制到JDK 路径下面:
# 1. 重命名 JDK
C:\Program Files\Java\jdk1.8.0_31\jre\lib\security\cacerts -> C:\Program Files\Java\jdk1.8.0_31\jre\lib\security\cacerts_0
# 2. 复制 Android Studio 中的 cacerts 到 JDK 中
C:\Program Files\Android\AndroidStudio2021.2\jre\lib\security\cacerts -> C:\Program Files\Java\jdk1.8.0_31\jre\lib\security\cacerts
操作好后, 如下图所示:
此时, 修改如下配置:
# Windows 任务管理 -> 服务 启动/关闭/自动重启 方式
C:\Program Files\Jenkins\jenkins.xml
修改后效果为:
<!--
The MIT License
Copyright (c) 2004-2017, Sun Microsystems, Inc., Kohsuke Kawaguchi, Oleg Nenashev, and other Jenkins contributors
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.
-->
<!--
Windows service definition for Jenkins.
To uninstall, run "jenkins.exe stop" to stop the service, then "jenkins.exe uninstall" to uninstall the service.
Both commands don't produce any output if the execution is successful.
-->
<service>
<id>jenkins</id>
<name>Jenkins</name>
<description>This service runs Jenkins automation server.</description>
<env name="JENKINS_HOME" value="%ProgramData%\Jenkins\.jenkins"/>
<!--
if you'd like to run Jenkins with a specific version of Java, specify a full path to java.exe.
The following value assumes that you have java in your PATH.
-->
<executable>C:\Program Files\Java\jdk1.8.0_31\bin\java.exe</executable>
<arguments>-Xrs -Xmx256m -Dhudson.lifecycle=hudson.lifecycle.WindowsServiceLifecycle -Djavax.net.ssl.trustStore="C:\Program Files\Java\jdk1.8.0_31\jre\lib\security\cacerts" -jar "C:\Program Files\Jenkins\jenkins.war" --httpPort=8083 --webroot="%ProgramData%\Jenkins\war"</arguments>
<!--
interactive flag causes the empty black Java window to be displayed.
I'm still debugging this.
<interactive />
-->
<logmode>rotate</logmode>
<onfailure action="restart"/>
<!--
In the case WinSW gets terminated and leaks the process, we want to abort
these runaway JAR processes on startup to prevent corruption of JENKINS_HOME.
So this extension is enabled by default.
-->
<extensions>
<!-- This is a sample configuration for the RunawayProcessKiller extension. -->
<extension enabled="true" className="winsw.Plugins.RunawayProcessKiller.RunawayProcessKillerExtension" id="killOnStartup">
<pidfile>%ProgramData%\Jenkins\jenkins.pid</pidfile>
<stopTimeout>10000</stopTimeout>
<stopParentFirst>false</stopParentFirst>
</extension>
</extensions>
<!-- See the referenced examples for more options -->
</service>
重点参数修改的为:
# 注意: 此处JDK 路径要切换成自己本地机器上实际路径
# -Djavax.net.ssl.trustStore="C:\Program Files\Java\jdk1.8.0_31\jre\lib\security\cacerts"
40 Line <arguments>-Xrs -Xmx256m -Dhudson.lifecycle=hudson.lifecycle.WindowsServiceLifecycle -Djavax.net.ssl.trustStore="C:\Program Files\Java\jdk1.8.0_31\jre\lib\security\cacerts" -jar "C:\Program Files\Jenkins\jenkins.war" --httpPort=8083 --webroot="%ProgramData%\Jenkins\war"</arguments>
2.2.3 Jenkins Reboot
# 方式一: 重启 Jenkins
http://localhost:8083/restart
# 方式二【推荐】: 任务管理器 -> 服务 -> Jenkins -> 重新启动
三. 插件
安装如下插件项:
# 持续更新...
...
Blue Ocean
Credentials Binding
Folders
Git
Gradle
Groovy
Metrics Disk Usage
NodeJS
Pipeline
Pipeline: Stage View
PowerShell
Python
Workspace Cleanup
...