1

I'm having issue fetching code from HTTPS gitlab using jenkins pipeline, it's giving me error timeout as below. I don't have any issue fetching repo from HTTP gitlab server.

NOTE:

  1. My jenkins server and HTTPS gitlab server are in the internal network, and I have cleared the network firewall.
  2. No issue accessing the HTTPS gitlab webpage via browser.
  3. No issue when fetching repo from my HTTP gitlab server.
  4. My HTTPS gitlab server is using self signed cert.

Below are the error messages in jenkins console output, I have masked the git repo URL for confidential purpose.

ERROR: Error cloning remote repo 'origin'
hudson.plugins.git.GitException: Command "git fetch --tags --progress https://xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.git +refs/heads/*:refs/remotes/origin/*" returned status code 128:
stdout: 
stderr: fatal: unable to access 'https://xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.git/': Operation timed out after 300042 milliseconds with 0 out of 0 bytes received

    at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.launchCommandIn(CliGitAPIImpl.java:2671)
    at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.launchCommandWithCredentials(CliGitAPIImpl.java:2096)
    at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.access$500(CliGitAPIImpl.java:84)
    at org.jenkinsci.plugins.gitclient.CliGitAPIImpl$1.execute(CliGitAPIImpl.java:618)
    at org.jenkinsci.plugins.gitclient.CliGitAPIImpl$2.execute(CliGitAPIImpl.java:847)
    at hudson.plugins.git.GitSCM.retrieveChanges(GitSCM.java:1224)
    at hudson.plugins.git.GitSCM.checkout(GitSCM.java:1302)
    at org.jenkinsci.plugins.workflow.steps.scm.SCMStep.checkout(SCMStep.java:129)
    at org.jenkinsci.plugins.workflow.steps.scm.SCMStep$StepExecutionImpl.run(SCMStep.java:97)
    at org.jenkinsci.plugins.workflow.steps.scm.SCMStep$StepExecutionImpl.run(SCMStep.java:84)
    at org.jenkinsci.plugins.workflow.steps.SynchronousNonBlockingStepExecution.lambda$start$0(SynchronousNonBlockingStepExecution.java:47)
    at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515)
    at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
    at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
    at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
    at java.base/java.lang.Thread.run(Thread.java:829)
[Pipeline] }
[Pipeline] // stage
[Pipeline] stage
[Pipeline] { (Build)
Stage "Build" skipped due to earlier failure(s)
[Pipeline] }
[Pipeline] // stage
[Pipeline] }
[Pipeline] // withEnv
[Pipeline] }
[Pipeline] // node
[Pipeline] End of Pipeline
ERROR: Error cloning remote repo 'origin'
Finished: FAILURE

I would appreciate the help if anyone encountered the same and how you guys resolve it. Thanks

Helpmepls
  • 21
  • 1
  • Appears to be a network issue? Does your GitLab server use standard ports (80 for http 443 for https)? Locally, do you use http, https, or ssh to fetch the repos? – sytech Apr 21 '22 at 02:12
  • @sytech I use https to fetch the repos. my https is tcp port 443 – Helpmepls Apr 21 '22 at 02:23
  • It sounds like perhaps you don't have open ports between Jenkins and GitLab. Maybe Jenkins has a different route to the GitLab server that's not open? Can you login to the Jenkins server and try to `curl` or `ping` the GitLab server? It might also help if you can describe the network setup. Where are you hosting GitLab and Jenkins? Are you using AWS? Kubernetes? Etc. – sytech Apr 21 '22 at 02:32
  • my jenkins and gitlab are on-premise, gitlab doesn't accept ping hence it's not pingable. Im able to telnet 443. Is ping needed and will it affect fetching? – Helpmepls Apr 21 '22 at 03:03
  • No, `ping` doesn't necessarily need to work, but it normally _should_ work if you ping your host and the ICMP port is open. Can you use `curl` to contact gitlab using **https** from Jenkins? – sytech Apr 21 '22 at 03:09
  • 1
    I tried curl my gitlab using https and it just stuck as shown below until I CTRL + C to exit [xxxxxxx@xxxxxxx ~]$ curl -v https://xxxxx.xxxxxxx * About to connect() to xxxxx.xxxxxxx port 443 (#0) * Trying xxxxx.xxxxxxx... * Connected to xxxxx.xxxxxxx (xxxxx.xxxxxxx) port 443 (#0) * Initializing NSS with certpath: sql:/etc/pki/nssdb * CAfile: /etc/pki/tls/certs/ca-bundle.crt CApath: none – Helpmepls Apr 21 '22 at 03:23
  • Hmmmm. It should eventually timeout and give you a descriptive error. Maybe [this can help](https://stackoverflow.com/questions/17064601/curl-not-working-error-77-for-ssl-connections-on-centos-for-non-root-users)? – sytech Apr 21 '22 at 04:16
  • After firewall open for ICMP port between my jenkins and gitlab server, I managed to curl from jenkin and also managed to git checkout via jenkins pipeline. we can conclude that ICMP port is required other than https/http – Helpmepls Apr 27 '22 at 08:47

0 Answers0