CODEWITHSUNDEEP
gitssljenkinsjgit
Bryan Chen
Bryan Chen

Reputation: 339

How to disable Jenkins checkout and git plugin SSL verify?

I'm running Jenkins agent in K8s nodes. I add git config --global http.sslVerify false in dockerfile. I also add ~/.gitconfig in dockerfile too. I try to use Jenkins checkout and git in pipeline to fetch codes, but I got following error:

 stderr: fatal: unable to access 'https://gitlab-ops.prod.hccn/iac/gitops/vsphere_linux.git/': SSL certificate problem: unable to get local issuer certificate

But if I replace them by sh git clone command, it's ok.

So here are my questions:

  1. git config --global http.sslVerify false is only works for git command, don't work for Jenkins checkout and git, right? Because git command is a sh command, but Jenkins checkout git is some kind of Java plugin?
  2. Is Jenkins checkout also reference git or gitclient plugin?
  3. How to disable Jenkins checkout and git plugin SSL verify? I don't find them on jenkins git-client plugin or jenkins git plugin or jenkins scm plugin

Supplement:

  1. I run git config --global http.sslVerify false on each k8s node
  2. Jenkins Version is 2.277.4
  3. Jenkins Git Plugin Version is 4.7.1
  4. Jenkins Git Client Plugin Version is 3.7.1

Supplement 2:

I have 2 git project. The Jenkinsfile is in the first one, which configure in the Jenkins Job. The default checkout is working well. During the pipeline running, it will try to pull another git project on the Jenkins agent, this is where the problem arises.

Upvotes: 2

Views: 1836

Answers (1)

VonC
VonC

Reputation: 1324268

Using the Jenkins Git client plugin, I would avoid JGit (set in this setting)

https://cdn.jsdelivr.net/gh/jenkinsci/git-client-plugin@master/images/enable-jgit.png

I would:

  • select Git
  • Make sure git is in the $PATH of the Jenkins Controller (formerly known as "master")

Then the global setting http.sslVerify would be enforced.
Although, as seen here, JGit should also be able to read the same setting.

From the comments/discussion, the OP Bryan Chen adds:

I have two git project.
The Jenkinsfile is in the first one, which configure in the Jenkins Job. The default checkout is working well.
During the pipeline running, it will try to pull another git project on the Jenkins agent, this is where the problem arises.

That means the root cause seems to be within the container executing the job as an agent (in a container), not in the main Jenkins controller.

Upvotes: 0

Related Questions