Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-53897

Using public DNS when property is set to false from within VPC with IGW

    Details

    • Type: Bug
    • Status: Resolved (View Workflow)
    • Priority: Major
    • Resolution: Fixed
    • Component/s: ec2-plugin
    • Labels:
    • Environment:
      Ubuntu 16.04.4 LTS
      Java 1.8.0_181-b13
      Jenkins 2.121.3
      ec2-plugin 1.40
    • Similar Issues:

      Description

      Case 1

      When running Jenkins master within a VPC, on a subnet routed to an IGW.

      • Jenkins master has public IP
      • Jenkins node has public IP

      Problem was not detected, because the master would reach get from the same public DNS of the node, the internal IP. It seems to also attempt correctly to use the private IP first, then the public DNS while the node is booting.

      eg:

      INFO: Connecting to [PRIVATE IP] on port 22, with timeout 10000.
      Oct 04, 2018 5:57:49 PM hudson.plugins.ec2.EC2Cloud
      INFO: Failed to connect via ssh: The kexTimeout (10000 ms) expired.
      Oct 04, 2018 5:57:49 PM hudson.plugins.ec2.EC2Cloud
      INFO: Waiting for SSH to come up. Sleeping 5.
      Oct 04, 2018 5:57:54 PM hudson.plugins.ec2.EC2Cloud
      INFO: Connecting to ec2-[PUBLICIP].ap-southeast-2.compute.amazonaws.com on port 22, with timeout 10000.
      ...
      Agent successfully connected and online
      

      Case 2

      When running Jenkins master within a VPC, on a subnet routed to an IGW.

      • Jenkins master has public IP
        Configured another VPC (to use nodes in another region). Region 2 VPC has peer connection to VPC of Jenkins master, and is working fine with private IPs.
      • Jenkins node has public IP

      The problem is evident because the master starts and continues to attempt connecting with the public DNS. Even though the cloud "Connect using Public IP" box is not selected in the configuration.

      INFO: Connecting to ec2-13-58-190-137.us-east-2.compute.amazonaws.com on port 22, with timeout 10000.
      ...
      

      I have tried logging into the Jenkins master and verified the private IP works fine, to reach the node in the other region VPC. So the only issue is apparently the call to getEC2HostAddress

      Other notes

      It may be related to JENKINS-34533.

        Attachments

          Issue Links

            Activity

            Hide
            chefren E G added a comment -

            Debugging this AWS scenarios by calling DescribeInstances and checking the Instance object may help

            Show
            chefren E G added a comment - Debugging this AWS scenarios by calling DescribeInstances and checking the Instance object may help
            Hide
            chefren E G added a comment -

            Feature initial commit

            Show
            chefren E G added a comment - Feature initial commit
            Hide
            chefren E G added a comment -

            AWS DNS and VPC docs

            Show
            chefren E G added a comment - AWS DNS and VPC docs
            Hide
            thoulen FABRIZIO MANFREDI added a comment -

            1.43 has the option to define the way to connect to slave.

            Show
            thoulen FABRIZIO MANFREDI added a comment - 1.43 has the option to define the way to connect to slave.
            Hide
            chefren E G added a comment -

            Hi FABRIZIO MANFREDI, how is it different from the "Connect using Public IP" box in 1.40? In the description above it is mentioned that it is not selected in the configuration, yet the master attempts to hit the public IP.

            Show
            chefren E G added a comment - Hi FABRIZIO MANFREDI , how is it different from the "Connect using Public IP" box in 1.40? In the description above it is mentioned that it is not selected in the configuration, yet the master attempts to hit the public IP.

              People

              • Assignee:
                thoulen FABRIZIO MANFREDI
                Reporter:
                chefren E G
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: