Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-31256

hudson.Remoting.Engine#waitForServerToBack does not use credentials for connection

    XMLWordPrintable

    Details

    • Similar Issues:

      Description

      We have a jenkins instance running behind Apache web server, which forces basic authentication for accessing Jenkins.

      When using jnlp from a slave machine, then it works initially, because it uses provided basic authentication credentials. However at some point it stops working and in jenkins-slave.err.log this line is printed over and over again:
      Oct 29, 2015 12:38:23 PM hudson.remoting.Engine waitForServerToBack
      INFO: Master isn't ready to talk to us. Will retry again: response code=401

      Looking at the Engine#waitForServerToBack (https://github.com/jenkinsci/remoting/blob/master/src/main/java/hudson/remoting/Engine.java#L365) code, I can see that it does not provide credentials to path /tcpSlaveAgentListener.

      Although there's a comment at #run method (https://github.com/jenkinsci/remoting/blob/master/src/main/java/hudson/remoting/Engine.java#L185):
      // TODO /tcpSlaveAgentListener is unprotected so why do we need to pass any credentials?

      Reading this, It seems that Engine assumes that Jenkins is never placed behind firewalls and served directly to the public, which is not always the case, especially when Jenkins slaves are involved - they might be outside of Jenkins own network, thus firewalls/proxies are probably between them.

      In other words - Engine should always provide credentials to every request, if they exist, because assumption of something being unprotected might be wrong.

      PS! Same thing applies to proxy credentials, which are not provided in the #waitForServerToBack, but are provided in #run.

        Attachments

          Activity

          Hide
          scm_issue_link SCM/JIRA link daemon added a comment -

          Code changed in jenkins
          User: Tim Pambor
          Path:
          src/main/java/hudson/remoting/Engine.java
          src/main/java/hudson/remoting/Util.java
          http://jenkins-ci.org/commit/remoting/362cfb28e6073965e9146fca3875de39baf6d55e
          Log:
          JENKINS-31256 Reintegrated https://github.com/jenkinsci/remoting/pull/87 and https://github.com/jenkinsci/remoting/pull/67 with proper author

          Compare: https://github.com/jenkinsci/remoting/compare/fbb9aff7cf0f...362cfb28e607

          Show
          scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Tim Pambor Path: src/main/java/hudson/remoting/Engine.java src/main/java/hudson/remoting/Util.java http://jenkins-ci.org/commit/remoting/362cfb28e6073965e9146fca3875de39baf6d55e Log: JENKINS-31256 Reintegrated https://github.com/jenkinsci/remoting/pull/87 and https://github.com/jenkinsci/remoting/pull/67 with proper author Compare: https://github.com/jenkinsci/remoting/compare/fbb9aff7cf0f...362cfb28e607
          Hide
          scm_issue_link SCM/JIRA link daemon added a comment -

          Code changed in jenkins
          User: Oleg Nenashev
          Path:
          pom.xml
          http://jenkins-ci.org/commit/jenkins/d9f12b0e614d9598221c571001aa43c018b21e25
          Log:
          Update remoting to 2.60

          Changes summary:

          Fixed issues:

          Enhancements:

          Show
          scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Oleg Nenashev Path: pom.xml http://jenkins-ci.org/commit/jenkins/d9f12b0e614d9598221c571001aa43c018b21e25 Log: Update remoting to 2.60 Changes summary: Fixed issues: JENKINS-22722 ( https://issues.jenkins-ci.org/browse/JENKINS-22722 ) - Make the channel reader tolerant against Socket timeouts. ( https://github.com/jenkinsci/remoting/pull/80 ) JENKINS-32326 ( https://issues.jenkins-ci.org/browse/JENKINS-32326 ) - Support no_proxy environment variable. ( https://github.com/jenkinsci/remoting/pull/84 ) JENKINS-35190 ( https://issues.jenkins-ci.org/browse/JENKINS-35190 ) - Do not invoke PingFailureAnalyzer for agent=>master ping failures. ( https://github.com/jenkinsci/remoting/pull/85 ) JENKINS-31256 ( https://issues.jenkins-ci.org/browse/JENKINS-31256 ) - <code>hudson.Remoting.Engine#waitForServerToBack</code> now uses credentials for connection. ( https://github.com/jenkinsci/remoting/pull/87 ) JENKINS-35494 ( https://issues.jenkins-ci.org/browse/JENKINS-35494 ) - Fix issues in file management in <code>hudson.remoting.Launcher</code> (main executable class). ( https://github.com/jenkinsci/remoting/pull/88 ) Enhancements: Ensure a message is logged if remoting fails to override the default <code>ClassFilter</code>. ( https://github.com/jenkinsci/remoting/pull/80 )
          Hide
          scm_issue_link SCM/JIRA link daemon added a comment -

          Code changed in jenkins
          User: Oleg Nenashev
          Path:
          pom.xml
          http://jenkins-ci.org/commit/jenkins/c718516adfddeb10cbf616ce37c619cc6bbafd53
          Log:
          Update remoting to 2.60 (#2403)

          Changes summary:

          Fixed issues:

          Enhancements:

          Show
          scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Oleg Nenashev Path: pom.xml http://jenkins-ci.org/commit/jenkins/c718516adfddeb10cbf616ce37c619cc6bbafd53 Log: Update remoting to 2.60 (#2403) Changes summary: Fixed issues: JENKINS-22722 ( https://issues.jenkins-ci.org/browse/JENKINS-22722 ) - Make the channel reader tolerant against Socket timeouts. ( https://github.com/jenkinsci/remoting/pull/80 ) JENKINS-32326 ( https://issues.jenkins-ci.org/browse/JENKINS-32326 ) - Support no_proxy environment variable. ( https://github.com/jenkinsci/remoting/pull/84 ) JENKINS-35190 ( https://issues.jenkins-ci.org/browse/JENKINS-35190 ) - Do not invoke PingFailureAnalyzer for agent=>master ping failures. ( https://github.com/jenkinsci/remoting/pull/85 ) JENKINS-31256 ( https://issues.jenkins-ci.org/browse/JENKINS-31256 ) - <code>hudson.Remoting.Engine#waitForServerToBack</code> now uses credentials for connection. ( https://github.com/jenkinsci/remoting/pull/87 ) JENKINS-35494 ( https://issues.jenkins-ci.org/browse/JENKINS-35494 ) - Fix issues in file management in <code>hudson.remoting.Launcher</code> (main executable class). ( https://github.com/jenkinsci/remoting/pull/88 ) Enhancements: Ensure a message is logged if remoting fails to override the default <code>ClassFilter</code>. ( https://github.com/jenkinsci/remoting/pull/80 )
          Hide
          jbq jbq added a comment -

          I can confirm the fix solves the problem. I think you can mark this issue as resolved, at least a fresh install from the git remoting repo works for me, the slave reconnects successfully after the connection has dropped.

          Thanks!

          Show
          jbq jbq added a comment - I can confirm the fix solves the problem. I think you can mark this issue as resolved, at least a fresh install from the git remoting repo works for me, the slave reconnects successfully after the connection has dropped. Thanks!
          Hide
          wiizzard Tim Pambor added a comment -

          Fixed in remoting 2.60. Released as part of Jenkins 2.9.

          Show
          wiizzard Tim Pambor added a comment - Fixed in remoting 2.60. Released as part of Jenkins 2.9.

            People

            • Assignee:
              wiizzard Tim Pambor
              Reporter:
              jarm0 Jarmo Pertman
            • Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: