Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-43527

Connecting to master on HTTPS fails after few minutes

    Details

    • Type: Bug
    • Status: Resolved (View Workflow)
    • Priority: Major
    • Resolution: Fixed
    • Component/s: swarm-plugin
    • Labels:
      None
    • Environment:
      ## Master
      Jenkins Version : 2.51
      OS: Alpine OS 3.5
      Swarm Plugin 3.3

      ## Slave
      Jenkins Swarm: 3.3 and 3.4
      OS: Amazon Linux
    • Similar Issues:

      Description

      When I connect to my Jenkins Master on HTTP, swarm works fine but it fails when I try to connect thru HTTPS (after few minutes).

      nohup java -jar /opt/swarm-client-3.4.jar  -disableSslVerification -master https://<Jenkins_URL> -username <username> -password <password> -fsroot /var/jenkins_home &
      

      Here is the detailed log.

      [root@ip-10-61-66-11 ~]# java -jar /opt/swarm-client.jar -disableSslVerification -master https://jenkins-master.mydomain.com -username admin -password jenkinspassword -labels slave -executors 10 -description "Jenkins Slave" -fsroot /var/jenkins_home
      Apr 12, 2017 2:11:12 AM hudson.plugins.swarm.Client main
      INFO: Client.main invoked with: [-disableSslVerification -master https://jenkins-master.mydomain.com -username admin -password jenkinspassword -labels slave -executors 10 -description Jenkins Slave -fsroot /var/jenkins_home]
      Apr 12, 2017 2:11:13 AM hudson.plugins.swarm.Client run
      INFO: Discovering Jenkins master
      SLF4J: Failed to load class "org.slf4j.impl.StaticLoggerBinder".
      SLF4J: Defaulting to no-operation (NOP) logger implementation
      SLF4J: See http://www.slf4j.org/codes.html#StaticLoggerBinder for further details.
      Apr 12, 2017 2:11:14 AM hudson.plugins.swarm.Client run
      INFO: Attempting to connect to https://jenkins-master.mydomain.com/ 692eef4e-08aa-4462-9bd3-573a8a977a48 with ID 7fa6f27f
      Apr 12, 2017 2:11:14 AM hudson.plugins.swarm.SwarmClient getCsrfCrumb
      SEVERE: Could not obtain CSRF crumb. Response code: 404
      Apr 12, 2017 2:11:15 AM hudson.remoting.jnlp.Main createEngine
      INFO: Setting up slave: ip-10-61-66-11.ap-southeast-2.compute.internal-7fa6f27f
      Apr 12, 2017 2:11:15 AM hudson.remoting.jnlp.Main$CuiListener <init>
      INFO: Jenkins agent is running in headless mode.
      Apr 12, 2017 2:11:15 AM hudson.remoting.jnlp.Main$CuiListener status
      INFO: Locating server among [https://jenkins-master.mydomain.com/]
      Apr 12, 2017 2:11:16 AM hudson.remoting.jnlp.Main$CuiListener status
      INFO: Agent discovery successful
        Agent address: jenkins-master.mydomain.com
        Agent port:    50000
        Identity:      34:fc:02:5a:85:94:6f:24:18:8d:7f:99:36:d7:e1:f6
      Apr 12, 2017 2:11:16 AM hudson.remoting.jnlp.Main$CuiListener status
      INFO: Handshaking
      Apr 12, 2017 2:11:16 AM hudson.remoting.jnlp.Main$CuiListener status
      INFO: Connecting to jenkins-master.mydomain.com:50000
      Apr 12, 2017 2:11:16 AM hudson.remoting.jnlp.Main$CuiListener status
      INFO: Trying protocol: JNLP4-connect
      Apr 12, 2017 2:11:16 AM hudson.remoting.jnlp.Main$CuiListener status
      INFO: Remote identity confirmed: 34:fc:02:5a:85:94:6f:24:18:8d:7f:99:36:d7:e1:f6
      Apr 12, 2017 2:11:17 AM hudson.remoting.jnlp.Main$CuiListener status
      INFO: Connected
      
      Apr 12, 2017 2:49:02 AM hudson.remoting.jnlp.Main$CuiListener status
      INFO: Terminated
      Apr 12, 2017 2:49:02 AM hudson.plugins.swarm.Client run
      INFO: Retrying in 10 seconds
      Apr 12, 2017 2:49:13 AM hudson.plugins.swarm.Client run
      INFO: Attempting to connect to https://jenkins-master.mydomain.com/ 692eef4e-08aa-4462-9bd3-573a8a977a48 with ID 7fa6f27f
      Apr 12, 2017 2:49:13 AM hudson.plugins.swarm.SwarmClient getCsrfCrumb
      SEVERE: Could not obtain CSRF crumb. Response code: 404
      Apr 12, 2017 2:49:14 AM hudson.remoting.jnlp.Main createEngine
      INFO: Setting up slave: ip-10-61-66-11.ap-southeast-2.compute.internal-7fa6f27f
      Apr 12, 2017 2:49:14 AM hudson.remoting.jnlp.Main$CuiListener <init>
      INFO: Jenkins agent is running in headless mode.
      Apr 12, 2017 2:49:14 AM hudson.remoting.jnlp.Main$CuiListener status
      INFO: Locating server among [https://jenkins-master.mydomain.com/]
      Apr 12, 2017 2:49:14 AM hudson.remoting.jnlp.Main$CuiListener status
      INFO: Agent discovery successful
        Agent address: jenkins-master.mydomain.com
        Agent port:    50000
        Identity:      34:fc:02:5a:85:94:6f:24:18:8d:7f:99:36:d7:e1:f6
      Apr 12, 2017 2:49:14 AM hudson.remoting.jnlp.Main$CuiListener status
      INFO: Handshaking
      Apr 12, 2017 2:49:14 AM hudson.remoting.jnlp.Main$CuiListener status
      INFO: Connecting to jenkins-master.mydomain.com:50000
      Apr 12, 2017 2:49:14 AM hudson.remoting.jnlp.Main$CuiListener status
      INFO: Trying protocol: JNLP4-connect
      Apr 12, 2017 2:49:15 AM hudson.remoting.jnlp.Main$CuiListener status
      INFO: Remote identity confirmed: 34:fc:02:5a:85:94:6f:24:18:8d:7f:99:36:d7:e1:f6
      Apr 12, 2017 2:49:15 AM hudson.remoting.jnlp.Main$CuiListener status
      INFO: Connected
      
      Apr 12, 2017 2:51:02 AM hudson.remoting.jnlp.Main$CuiListener status
      INFO: Terminated
      Apr 12, 2017 2:51:02 AM hudson.plugins.swarm.Client run
      INFO: Retrying in 10 seconds
      Apr 12, 2017 2:51:13 AM hudson.plugins.swarm.Client run
      INFO: Attempting to connect to https://jenkins-master.mydomain.com/ 692eef4e-08aa-4462-9bd3-573a8a977a48 with ID 7fa6f27f
      Apr 12, 2017 2:51:13 AM hudson.plugins.swarm.SwarmClient getCsrfCrumb
      SEVERE: Could not obtain CSRF crumb. Response code: 404
      Apr 12, 2017 2:51:14 AM hudson.remoting.jnlp.Main createEngine
      INFO: Setting up slave: ip-10-61-66-11.ap-southeast-2.compute.internal-7fa6f27f
      Apr 12, 2017 2:51:14 AM hudson.remoting.jnlp.Main$CuiListener <init>
      INFO: Jenkins agent is running in headless mode.
      Apr 12, 2017 2:51:14 AM hudson.remoting.jnlp.Main$CuiListener status
      INFO: Locating server among [https://jenkins-master.mydomain.com/]
      Apr 12, 2017 2:51:14 AM hudson.remoting.jnlp.Main$CuiListener status
      INFO: Agent discovery successful
        Agent address: jenkins-master.mydomain.com
        Agent port:    50000
        Identity:      34:fc:02:5a:85:94:6f:24:18:8d:7f:99:36:d7:e1:f6
      Apr 12, 2017 2:51:14 AM hudson.remoting.jnlp.Main$CuiListener status
      INFO: Handshaking
      Apr 12, 2017 2:51:14 AM hudson.remoting.jnlp.Main$CuiListener status
      INFO: Connecting to jenkins-master.mydomain.com:50000
      Apr 12, 2017 2:51:14 AM hudson.remoting.jnlp.Main$CuiListener status
      INFO: Trying protocol: JNLP4-connect
      Apr 12, 2017 2:51:15 AM hudson.remoting.jnlp.Main$CuiListener status
      INFO: Remote identity confirmed: 34:fc:02:5a:85:94:6f:24:18:8d:7f:99:36:d7:e1:f6
      Apr 12, 2017 2:51:15 AM hudson.remoting.jnlp.Main$CuiListener status
      INFO: Connected
      
      Apr 12, 2017 2:53:16 AM hudson.remoting.jnlp.Main$CuiListener status
      INFO: Terminated
      Apr 12, 2017 2:53:16 AM hudson.plugins.swarm.Client run
      INFO: Retrying in 10 seconds
      Apr 12, 2017 2:53:26 AM hudson.plugins.swarm.Client run
      INFO: Attempting to connect to https://jenkins-master.mydomain.com/ 692eef4e-08aa-4462-9bd3-573a8a977a48 with ID 7fa6f27f
      Apr 12, 2017 2:53:27 AM hudson.plugins.swarm.SwarmClient getCsrfCrumb
      SEVERE: Could not obtain CSRF crumb. Response code: 404
      javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative DNS name matching jenkins-master.mydomain.com found.
      	at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
      	at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1914)
      	at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:279)
      	at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:273)
      	at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1477)
      	at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:213)
      	at sun.security.ssl.Handshaker.processLoop(Handshaker.java:961)
      	at sun.security.ssl.Handshaker.process_record(Handshaker.java:897)
      	at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1033)
      	at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1342)
      	at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1369)
      	at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1353)
      	at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)
      	at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
      	at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:153)
      	at hudson.remoting.Launcher.parseJnlpArguments(Launcher.java:393)
      	at hudson.plugins.swarm.SwarmClient.connect(SwarmClient.java:284)
      	at hudson.plugins.swarm.Client.run(Client.java:135)
      	at hudson.plugins.swarm.Client.main(Client.java:87)
      Caused by: java.security.cert.CertificateException: No subject alternative DNS name matching jenkins-master.mydomain.com found.
      	at sun.security.util.HostnameChecker.matchDNS(HostnameChecker.java:204)
      	at sun.security.util.HostnameChecker.match(HostnameChecker.java:95)
      	at sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:347)
      	at sun.security.ssl.AbstractTrustManagerWrapper.checkAdditionalTrust(SSLContextImpl.java:940)
      	at sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(SSLContextImpl.java:907)
      	at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1459)
      	... 14 more
      Apr 12, 2017 2:53:27 AM hudson.plugins.swarm.SwarmClient connect
      SEVERE: Failed to establish JNLP connection to https://jenkins-master.mydomain.com/
      javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative DNS name matching jenkins-master.mydomain.com found.
      	at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
      	at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1914)
      	at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:279)
      	at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:273)
      	at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1477)
      	at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:213)
      	at sun.security.ssl.Handshaker.processLoop(Handshaker.java:961)
      	at sun.security.ssl.Handshaker.process_record(Handshaker.java:897)
      	at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1033)
      	at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1342)
      	at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1369)
      	at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1353)
      	at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)
      	at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
      	at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:153)
      	at hudson.remoting.Launcher.parseJnlpArguments(Launcher.java:393)
      	at hudson.plugins.swarm.SwarmClient.connect(SwarmClient.java:284)
      	at hudson.plugins.swarm.Client.run(Client.java:135)
      	at hudson.plugins.swarm.Client.main(Client.java:87)
      Caused by: java.security.cert.CertificateException: No subject alternative DNS name matching jenkins-master.mydomain.com found.
      	at sun.security.util.HostnameChecker.matchDNS(HostnameChecker.java:204)
      	at sun.security.util.HostnameChecker.match(HostnameChecker.java:95)
      	at sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:347)
      	at sun.security.ssl.AbstractTrustManagerWrapper.checkAdditionalTrust(SSLContextImpl.java:940)
      	at sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(SSLContextImpl.java:907)
      	at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1459)
      	... 14 more
      
      Exception in thread "main" java.lang.IndexOutOfBoundsException: Index: 0
      	at java.util.Collections$EmptyList.get(Collections.java:3212)
      	at hudson.plugins.swarm.SwarmClient.connect(SwarmClient.java:292)
      	at hudson.plugins.swarm.Client.run(Client.java:135)
      	at hudson.plugins.swarm.Client.main(Client.java:87)
      

      Thanks in advance for looking into this.

      Regards,
      Vikas

        Attachments

          Issue Links

            Activity

            Hide
            mdelaney Mike Delaney added a comment -

            Guiomar Tuñón, are you using jdk 8? For me, like Chris Z, if I upgrade my java from 7 to 8, the issue goes away; using the swarm client v3.3

            Show
            mdelaney Mike Delaney added a comment - Guiomar Tuñón , are you using jdk 8? For me, like Chris Z , if I upgrade my java from 7 to 8, the issue goes away; using the swarm client v3.3
            Hide
            gtunon Guiomar Tuñón added a comment -

            I used jdk8 I suppose that's why I could launch the swarm-client-3.3.jar.

            Any news for the 3.4 client?

             

            Show
            gtunon Guiomar Tuñón added a comment - I used jdk8 I suppose that's why I could launch the swarm-client-3.3.jar. Any news for the 3.4 client?  
            Hide
            vikas027 Vikas Kumar added a comment -

            Thanks Mike Delaney Chris Z, upgrading the java version to 1.8 worked for me too.

            Show
            vikas027 Vikas Kumar added a comment - Thanks  Mike Delaney Chris Z , upgrading the java version to 1.8 worked for me too.
            Hide
            winotu Chris Z added a comment - - edited

            Hi,

            Guiomar Tuñón  probably for 3.4 client dirty workaround would be passing -sslFingerprints " "  to client run. I haven't test it. Also quick fix in swarm client code would be changing code to:
            public String sslFingerprints="";
            I must create PR. But it's good to start creating changes with tests for them.

            https://github.com/jenkinsci/swarm-plugin/pull/52/commits

            Show
            winotu Chris Z added a comment - - edited Hi, Guiomar Tuñón   probably for 3.4 client dirty workaround would be passing -sslFingerprints " "  to client run. I haven't test it. Also quick fix in swarm client code would be changing code to: public String sslFingerprints=""; I must create PR. But it's good to start creating changes with tests for them. https://github.com/jenkinsci/swarm-plugin/pull/52/commits
            Hide
            vikas027 Vikas Kumar added a comment -

            Closing the issue since upgrading to Java 1.8 worked for me. Thanks Kohsuke Kawaguchi

            Show
            vikas027 Vikas Kumar added a comment - Closing the issue since upgrading to Java 1.8 worked for me. Thanks Kohsuke Kawaguchi

              People

              • Assignee:
                winotu Chris Z
                Reporter:
                vikas027 Vikas Kumar
              • Votes:
                1 Vote for this issue
                Watchers:
                4 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: