Bug #2358

jenkins errors when adding/configuring new nodes

Added by roh 10 months ago. Updated about 2 months ago.

Status: Closed
Priority: High
Assignee:
Category: -
Target version: -
Start date: 07/11/2017
Due date:
% Done: 0%
Spec Reference:

Description

when following the manual for osmo-gsm-tester (http://ftp.osmocom.org/docs/latest/osmo-gsm-tester-manual.pdf) to set up the production tester i encountered the following error(s):

first my browser warns about unencrypted page in all fields, but also about an unencrypted connection (even when jenkins is accessed via https) on pressing 'add'.

on ignoring that a grey modal dialog with 'error' written top-left and some 'close window'-X in the corner comes up. the dialog can be dragged around, the rest of the browser is greyed out.

expected behaviour: no crypto warnings, and no grey box, but an added/configured node

screenshot: http://kleinekatze.de/yaad2Egh/screenshot.png

reproduce:
log in
manage jenkins
manage nodes
configure on the right on 'osmo-gsm-tester-prod'
add (on the right next to credentials) -> jenkins
switch kind to 'ssh with private key'
username 'jenkins'
private key: from a file on jenkins master "/usr/local/jenkins/keys/osmo-gsm-tester-prod"
passphrase: see internal wiki - not important to reproduce the error
ID: "osmo-gsm-tester-prod"
desc: "jenkins for SSH to osmo-gsm-tester-prod"

click add
either the empty error comes up. alternatively the dialog exits but the user 'jenkins for ssh to osmo-gsm-tester-prod' doesn't show up in the list. (as if the add dialog never was used)

screenshot.png - screenshot (52.5 KB) laforge, 07/11/2017 04:34 PM

jenkins-dialog-http.pcapng - chromium and http: clicking the final 'Add' button that closes the dialog. (1.77 KB) neels, 07/17/2017 11:46 AM

Screen Shot 2017-07-17 at 16.42.24.png (208 KB) zecke, 07/17/2017 02:42 PM


History

#1 Updated by laforge 10 months ago

  • Assignee set to zecke

#2 Updated by laforge 10 months ago


#3 Updated by neels 9 months ago

On firefox, I see an error behavior like in the screenshot. Using chromium, the dialog shows no error but simply closes, but without any effect: the settings are not applied.
A wireshark trace shows only SSL connections being made.

It is also easily possible to connect to our jenkins using plain http. In an unencrypted connection, I see a POST request with 0 content length. I have attached a short pcap of the communication that happens when clicking the final "Add" button in the dialog, using chromium and HTTP. (When connecting via HTTPS, this is SSL encrypted, and no indication why firefox would complain about an unencrypted transmission)

This dialog worked identically a couple of weeks ago (May 14, 2017). Very puzzling.

#4 Updated by neels 9 months ago

Because I have entered the SSH key passphrase in plain text on jenkins with HTTP to produce the pcap, I have disabled the authorized_keys on the osmo-gsm-tester-prod.
I have also changed my password. (Though technically an eavesdropper could have logged in as me in the meantime and used the admin credentials to find out everything visible to my user...)

#5 Updated by neels 9 months ago

No errors appear in the jenkins server log (jenkins.osmocom.org jail /var/log/jenkins.log) when clicking the add button.

#6 Updated by neels 9 months ago

I have manually edited /usr/local/jenkins/credentials.xml and copied the entry for the osmo-gsm-tester-rnd, which uses the same private key as the RnD setup for now (because the passphrase in the credentials.xml is not in plain text, I need to use the same one).

The build slave on the production unit is up and running now; but the dialog UI problem is not solved.

#7 Updated by zecke 9 months ago


hmm.. with latest firefox.. I will force http->https for all connections now.

#8 Updated by zecke 9 months ago

  • Status changed from New to Feedback

I have enabled the http -> https redirect. If you open http://jenkins.osmocom.org it goes to https://jenkins.osmocom.org/ followed by https://jenkins.osmocom.org/jenkins/.. i made a gerrit test build to see if the two systems still talk to each other.. they did.

#9 Updated by zecke 9 months ago

test comment..

#10 Updated by laforge 2 months ago

  • Assignee changed from zecke to lynxis

#11 Updated by lynxis about 2 months ago

I can reproduce the error with firefox with the osmocom jenkins setup.

<form method="POST" action="http://jenkins/jenkins/descriptor/com.cloudbees.plugins.credentials.CredentialsSelectHelper/resolver/com.cloudbees.plugins.credentials.CredentialsSelectHelper$SystemContextResolver/provider/com.cloudbees.plugins.credentials.SystemCredentialsProvider$ProviderImpl/context/jenkins/addCredentials" id="credentials-dialog-form"><div><input name="json" value="init" type="hidden"></div></form>

It looks to me like the jenkins doesn't know its own URL.

#12 Updated by lynxis about 2 months ago

I've rechecked two other jenkins installations which I maintain and both do not have this bug.

#13 Updated by lynxis about 2 months ago

  • Status changed from Feedback to In Progress

#14 Updated by lynxis about 2 months ago

You can find the broken http link if you do:

"Manage Nodes" -> "choose a node" -> "Configure" -> "Credentials" -> "Add" -> "jenkins" [Ajax screen pops up].

Right click on the "Add" button and do Inspect. If you look a couple of lines upwards, there is a "<POST>" which contains the broken http://jenkins/jenkins/... link

I've verified with chromium 64.0.3282.140-2 and firefox 58.0.2-1

#15 Updated by zecke about 2 months ago

  • Status changed from In Progress to Closed

Lovely.. reverse proxying works differently everywhere..

  • This URL used the "host" from nginx->jenkins connection
  • It apparently requires X-Forwarded-Proto as well
      proxy_set_header        Host $host:$server_port;
      proxy_set_header        X-Real-IP $remote_addr;
      proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header        X-Forwarded-Proto $scheme;
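
An added example, not part of the ticket or of anyone's comment above: a small check that parses rendered HTML and flags any form whose action leaves the origin of the page that served it, which is the symptom found in comment #11. The page URL and the shortened form markup are constructed samples, and the function and class names are hypothetical.

```python
# Added example: flag <form> actions that leave the page's origin.
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

class FormActionCollector(HTMLParser):
    """Collect (method, action) for every <form> start tag."""
    def __init__(self):
        super().__init__()
        self.forms = []

    def handle_starttag(self, tag, attrs):
        if tag == "form":
            a = dict(attrs)
            self.forms.append(((a.get("method") or "GET").upper(),
                               a.get("action") or ""))

def audit_forms(page_url, html):
    """Return (method, target, problems) for forms posting off-origin."""
    page = urlsplit(page_url)
    collector = FormActionCollector()
    collector.feed(html)
    findings = []
    for method, action in collector.forms:
        # Resolve relative actions the way a browser would.
        target = urlsplit(urljoin(page_url, action))
        problems = []
        if page.scheme == "https" and target.scheme != "https":
            problems.append("scheme-downgrade")
        if target.hostname != page.hostname:
            problems.append("host-mismatch")
        if problems:
            findings.append((method, target.geturl(), problems))
    return findings

# Constructed samples modelled on the form in comment #11 (path shortened).
PAGE = "https://jenkins.osmocom.org/jenkins/computer/"
BROKEN = ('<form method="POST" action="http://jenkins/jenkins/addCredentials" '
          'id="credentials-dialog-form">'
          '<input name="json" value="init" type="hidden"></form>')
FIXED = BROKEN.replace("http://jenkins/", "https://jenkins.osmocom.org/")
RELATIVE = '<form method="post" action="addCredentials"></form>'

if __name__ == "__main__":
    for name, doc in (("broken", BROKEN), ("fixed", FIXED),
                      ("relative", RELATIVE)):
        print(name, audit_forms(PAGE, doc))
```

Run against pages fetched through the proxy, a non-empty result means the backend is building absolute URLs from the wrong scheme or host.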
