Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-37745

Tool installer prematurely connecting to download URLs on master

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Minor Minor
    • core
    • None

      It appears that during a tool install, the master is attempting a connection out to the remote url - before attempting it on the agent.

      Stack Trace

      java.io.IOException: Failed to install <tool url> to <file path>
at hudson.FilePath.installIfNecessaryFrom(FilePath.java:832) 
at hudson.tools.DownloadFromUrlInstaller.performInstallation(DownloadFromUrlInstaller.java:76) 
at hudson.tools.InstallerTranslator.getToolHome(InstallerTranslator.java:68) 
at hudson.tools.ToolLocationNodeProperty.getToolHome(ToolLocationNodeProperty.java:108) 
at hudson.tools.ToolInstallation.translateFor(ToolInstallation.java:206)

      Forcing a problem

      One way to force a failure on the master would be to set a "fail always" hostname verifier on the master (via script console)

      HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() {
    public boolean verify(String hostname, SSLSession session) {
      return false;
    }
  }
);

      Discussion

      The failure was here [1]. But this is happening on the master. We do not really care how the master is configured; we want to do the download from the agent, for builds run in a remote workspace (the recommended configuration).

      Which it does try to do, starting at line 804, falling back to a slower master-based download only if that fails (for example because the agent has no Internet access).

      The problem is that we first try to get a URLConnection on the master merely to check the timestamp and other response headers plus status (so we know whether a download is even needed); normally con is then discarded without downloading content. So the fact that a failure occurred in the dummy initial connection (which would ideally be a HEAD not GET) is causing the whole tool installation to fail is a serious problem.

      For a remote workspace, we should be doing even the metadata checks inside the Unpack callable.

      It should not really matter whether the master’s settings were broken or not, at least not for purposes of tool downloads. One connection to the tool installer URL would be made, from the agent JVM, which (I hope) would have default Java settings that would work fine.

      [1] https://github.com/jenkinsci/jenkins/blob/jenkins-1.651.2/core/src/main/java/hudson/FilePath.java#L767

            jglick Jesse Glick
            bwalding Ben Walding
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated: