Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-50690

Cannot log in to vSphere with plugin 2.17

    Details

    • Type: Bug
    • Status: Closed (View Workflow)
    • Priority: Major
    • Resolution: Not A Defect
    • Component/s: vsphere-cloud-plugin
    • Labels:
      None
    • Environment:
      Jenkins 2.111
      Java 8.x
      vSphere plugin 2.17
    • Similar Issues:

      Description

      Upgraded from vSphere plugin 2.16 > 2.17 and we can no longer connect to vSphere.  Among other things, certificate errors and illegal characters warnings.  We have several systems worldwide that have been running for a very many years, and this could end up being problematic.

      I suspect it has to do with our naming of jenkins_us1 (the underscore) but that is not clear.  To change the name of all of our jenkins, vSphere,and VM instances starts a domino effect that will not be pretty.

        Attachments

          Activity

          Hide
          pjdarton pjdarton added a comment -

          Version 2.17 enabled HTTPS certificate validation by default. Prior to that, the vSphere plugin always disabled SSL certificate validation, which was a security flaw as it opened up Jenkins to a man-in-the-middle attack.
          FYI the security fix there was to change a "disable security check" boolean that was hard-coded to "true" into a user-configurable field that defaulted to "false" for anyone upgrading.

          So, while 2.17 fixed that security flaw by enabling SSL validation, you can turn it off again through the configuration UI which, while that leaves you an in insecure state (just like 2.16 and earlier), it means that the way the plugin connects is exactly the same as it was in 2.16 and earlier.

          So, short term, you can tick the "Disable SSL Check" box (Manage Jenkins -> Configure System, scroll down to the vSphere Cloud section).
          Long term, I think you're going to have to fix your certificate errors so that you don't have to disable security features to make things work...

          Show
          pjdarton pjdarton added a comment - Version 2.17 enabled HTTPS certificate validation by default. Prior to that, the vSphere plugin always disabled SSL certificate validation, which was a security flaw as it opened up Jenkins to a man-in-the-middle attack. FYI the security fix there was to change a "disable security check" boolean that was hard-coded to "true" into a user-configurable field that defaulted to "false" for anyone upgrading. So, while 2.17 fixed that security flaw by enabling SSL validation, you can turn it off again through the configuration UI which, while that leaves you an in insecure state (just like 2.16 and earlier), it means that the way the plugin connects is exactly the same as it was in 2.16 and earlier. So, short term, you can tick the "Disable SSL Check" box (Manage Jenkins -> Configure System, scroll down to the vSphere Cloud section). Long term, I think you're going to have to fix your certificate errors so that you don't have to disable security features to make things work...

            People

            • Assignee:
              Unassigned
              Reporter:
              jpeterson John peterson
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: