Closed cykl closed 3 years ago
We had issues with the work around not seeming to work. We have a webhook for returning scan results to Jenkins. Jenkins is behind a dynamic load balancer and the IPs change on a somewhat regular basis. Whenever the IPs would change all our webhook calls would fails as SonarQube now has an incorrect IP for Jenkins. We resorted to building a custom image where we set networkaddress.cache.ttl
to 0 to turn the cache off to avoid these failures.
When our Gitlab instance got a new IP address this week, Sonarqube failed to decorate merge requests until we killed the pod. It seems to be caching DNS resolutions forever. Root cause is likely that Sonarqube uses a security manager but do not set
networkaddress.cache.ttl
to 0 or a small value in the security policy. JVM default value is -1, ie “cache forever” policy, see https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/net/doc-files/net-properties.html.It would be great if official Sonarqube docker images set a sensible
networkaddress.cache.ttl
. As a temporary workaround, users should be able to set-Dsun.net.inetaddr.ttl
which is easier to set than writing a security policy file on disk.Troubleshooting
Merge request decoration was failing with following stack trace:
Sonarqube thinks that gitlab IP address is 10.46.0.13 but DNS says that IP address is 10.46.0.20
Environement: