Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-46815

master returns wrong protocol to slave agent

    Details

    • Similar Issues:

      Description

      Previously, when the agent would attempt to connect to our master, it would get back the following:

      Sep 06 06:54:13 internalhostname java[31206]: INFO: Locating server among https://jenkins.domain.tld/jenkins/, https://internalhostname/jenkins/

      Since switching from 2.76 to 2.78, and to using the agent.jar instead of the slave.jar, we are getting:

      Sep 12 13:30:56 internalhostname java[31206]: INFO: Locating server among https://jenkins.domain.tld/jenkins/, http://internalhostname/jenkins/ 

      Please note the change from https to http.

      I cannot determine what caused this change however, or where I can configure this.

      The problem is that the domain url cannot be resolved from the agent because it tries to connect to the external ip which is only accessible from the office network.

      The internal hostname works fine, but only over https, not http.

      We start the agent using:

      /bin/java -Djsse.enableSNIExtension=false -jar /data/jenkins/agent.jar -noCertificateCheck -jnlpUrl https://internalhostname/jenkins/computer/internalhostname/slave-agent.jnlp -secret ea1459602ecd86fe6ca5393857791b1bf56391febdbb7f4693ffd718399c56c9

        Attachments

          Activity

          Hide
          alcohol Rob Bast added a comment -

          Yeah the system configuration has the external facing hostname (I assume it is used to construct URLs on the pages and such as well?) which is only accessible from the office network, not from the slave machines.

          I do not understand where it gets the second url from, and why that used to be https but is http now a days.

          Show
          alcohol Rob Bast added a comment - Yeah the system configuration has the external facing hostname (I assume it is used to construct URLs on the pages and such as well?) which is only accessible from the office network, not from the slave machines. I do not understand where it gets the second url from, and why that used to be https but is http now a days.
          Hide
          danielbeck Daniel Beck added a comment -

          https://github.com/jenkinsci/jenkins/blob/master/core/src/main/resources/hudson/slaves/SlaveComputer/slave-agent.jnlp.jelly#L101

          My guess is a change to the reverse proxy configuration, probably started or stopped passing X-Forwarded-Proto or similar.

          Run the following in script console and report the output:

          println Jenkins.instance.rootUrlFromRequest
          println org.kohsuke.stapler.Stapler.currentRequest.getHeader('X-Forwarded-For')
          println org.kohsuke.stapler.Stapler.currentRequest.getHeader('X-Forwarded-Host')
          println org.kohsuke.stapler.Stapler.currentRequest.getHeader('X-Forwarded-Proto')
          println org.kohsuke.stapler.Stapler.currentRequest.getHeader('X-Forwarded-Port')
          println org.kohsuke.stapler.Stapler.currentRequest.serverPort
          println org.kohsuke.stapler.Stapler.currentRequest.serverName

          Show
          danielbeck Daniel Beck added a comment - https://github.com/jenkinsci/jenkins/blob/master/core/src/main/resources/hudson/slaves/SlaveComputer/slave-agent.jnlp.jelly#L101 My guess is a change to the reverse proxy configuration, probably started or stopped passing X-Forwarded-Proto or similar. Run the following in script console and report the output: println Jenkins.instance.rootUrlFromRequest println org.kohsuke.stapler.Stapler.currentRequest.getHeader('X-Forwarded-For') println org.kohsuke.stapler.Stapler.currentRequest.getHeader('X-Forwarded-Host') println org.kohsuke.stapler.Stapler.currentRequest.getHeader('X-Forwarded-Proto') println org.kohsuke.stapler.Stapler.currentRequest.getHeader('X-Forwarded-Port') println org.kohsuke.stapler.Stapler.currentRequest.serverPort println org.kohsuke.stapler.Stapler.currentRequest.serverName
          Hide
          danielbeck Daniel Beck added a comment -

          Apparently the output (provided via IRC) is:

          http://external.domain.tld/jenkins/
          1.2.3.4
          external.domain.tld
          null
          null
          80
          external.domain.tld

          Show
          danielbeck Daniel Beck added a comment - Apparently the output (provided via IRC) is: http://external.domain.tld/jenkins/ 1.2.3.4 external.domain.tld null null 80 external.domain.tld
          Hide
          alcohol Rob Bast added a comment - - edited

          Content of jnlp file (when requested through the browser, not from the agent host) is:

           

          <?xml version="1.0"?>
          <jnlp codebase="https://external.domain.tld/jenkins/computer/internalhostname/" spec="1.0+">
           <information>
            <title>Agent for internalhostname</title>
            <vendor>Jenkins project</vendor>
            <homepage href="https://jenkins-ci.org/"/>
           </information>
           <security>
            <all-permissions/>
           </security>
           <resources>
           <j2se version="1.8+"/>
           <jar href="https://external.domain.tld/jenkins/jnlpJars/remoting.jar"/>
           </resources>
           <application-desc main-class="hudson.remoting.jnlp.Main">
            <argument>0cf93ebea71d3fefbbff35b25dd3db195976e7df79455431e619a3fce74c4efa</argument>
            <argument>internalhostname</argument>
            <argument>-workDir</argument>
            <argument>/data/jenkins</argument>
            <argument>-internalDir</argument>
            <argument>remoting</argument>
            <argument>-url</argument>
            <argument>https://external.domain.tld/jenkins/</argument>
            <argument>-url</argument>
            <argument>http://external.domain.tld/jenkins/</argument>
           </application-desc>
          </jnlp>

          Show
          alcohol Rob Bast added a comment - - edited Content of jnlp file (when requested through the browser, not from the agent host) is:   <?xml version="1.0"?> <jnlp codebase="https://external.domain.tld/jenkins/computer/internalhostname/" spec="1.0+">  <information>   <title>Agent for internalhostname</title>   <vendor>Jenkins project</vendor>   <homepage href="https://jenkins-ci.org/"/>  </information>  <security>   <all-permissions/>  </security>  <resources>  <j2se version="1.8+"/>  <jar href="https://external.domain.tld/jenkins/jnlpJars/remoting.jar"/>  </resources>  <application-desc main-class="hudson.remoting.jnlp.Main">   <argument>0cf93ebea71d3fefbbff35b25dd3db195976e7df79455431e619a3fce74c4efa</argument>   <argument>internalhostname</argument>   <argument>-workDir</argument>   <argument>/data/jenkins</argument>   <argument>-internalDir</argument>   <argument>remoting</argument>   <argument>-url</argument>   <argument> https://external.domain.tld/jenkins/ </argument>   <argument>-url</argument>   <argument> http://external.domain.tld/jenkins/ </argument>  </application-desc> </jnlp>
          Hide
          alcohol Rob Bast added a comment -

          Sorry, turns out the reverse proxy was not setup correctly and did not pass the X-Forwarded-Proto header.

          Show
          alcohol Rob Bast added a comment - Sorry, turns out the reverse proxy was not setup correctly and did not pass the X-Forwarded-Proto header.

            People

            • Assignee:
              Unassigned
              Reporter:
              alcohol Rob Bast
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: