Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-60407

Launched instances cannot reach public internet (regression)

    Details

    • Type: Bug
    • Status: Open (View Workflow)
    • Priority: Major
    • Resolution: Unresolved
    • Component/s: ec2-plugin
    • Labels:
      None
    • Environment:
      Jenkins ver. 2.190.3
    • Similar Issues:

      Description

      With plugin 1.45 all is working.

      Upgraded to 1.46.1 and although the agents report themselves as available, they have no network access to the outside world. Reverting to 1.45 got them back again.

      The agents are each configured with the same single private subnet to launch into. Investigations showed things like `ping -c 3 google.com` times out.

      Checking out from bitbucket.org was the original fault reported. We have apparently made no changes to the Jenkins master, except to upgrade it to the current LTS from a recent release at the same time as updating the plugins this lunchtime.

        Attachments

          Activity

          Hide
          raihaan Raihaan Shouhell added a comment -

          Dominik Bartholdi Could I have some details on your setup?

          Do you launch in a vpc? If so is your subnet public or private? What is in that subnets route table?

          Show
          raihaan Raihaan Shouhell added a comment - Dominik Bartholdi Could I have some details on your setup? Do you launch in a vpc? If so is your subnet public or private? What is in that subnets route table?
          Hide
          imod Dominik Bartholdi added a comment -

          Raihaan Shouhell sure, I do my best to get you the required details: All I do is done with cloudformation, so it should be reproducible.

          Everytime we install a new version, i create it from scratch: I remove everything and build it up from ground with cloudformation only (no manual steps and no cloudformation updates).

          You can find a stripped down version of the cloudformation templates here: https://gist.github.com/imod/fb702d545dbe77292e8f4796c7804059 

          The templates should contain all the details you need. The 'vpc-cloudformation-template,json' creates the full VPC with route tables, subnet and gateway and can be executed as is, but I had to remove quite a bit from the 'jenkins-cloudformation-template,json' - this one would install Jenkins on a EC2 instance and configure the security groups. 

          I hope this is useful, if you don't get a long with cloudformation, please let me know.

           

          Show
          imod Dominik Bartholdi added a comment - Raihaan Shouhell sure, I do my best to get you the required details: All I do is done with cloudformation, so it should be reproducible. Everytime we install a new version, i create it from scratch: I remove everything and build it up from ground with cloudformation only (no manual steps and no cloudformation updates). You can find a stripped down version of the cloudformation templates here:  https://gist.github.com/imod/fb702d545dbe77292e8f4796c7804059   The templates should contain all the details you need. The 'vpc-cloudformation-template,json' creates the full VPC with route tables, subnet and gateway and can be executed as is, but I had to remove quite a bit from the 'jenkins-cloudformation-template,json' - this one would install Jenkins on a EC2 instance and configure the security groups.  I hope this is useful, if you don't get a long with cloudformation, please let me know.  
          Hide
          jmkgreen James Green added a comment -

          FWIW our working Jenkins installation (with ec2-plugin:1.45) has instances configured to launch within the same VPC as Jenkins itself, and the "Associate Public IP address" checkbox is not checked. Yet ec2 instances do have public IPs - we just never noticed.

          I am guessing that updated plugin versions now require this checkbox to be checked.

          Show
          jmkgreen James Green added a comment - FWIW our working Jenkins installation (with ec2-plugin:1.45) has instances configured to launch within the same VPC as Jenkins itself, and the "Associate Public IP address" checkbox is not checked. Yet ec2 instances do have public IPs - we just never noticed. I am guessing that updated plugin versions now require this checkbox to be checked.
          Hide
          imod Dominik Bartholdi added a comment -

          James Green that sounds like the exact same case then

          Show
          imod Dominik Bartholdi added a comment - James Green that sounds like the exact same case then
          Hide
          jmkgreen James Green added a comment -

          I have checked the option "Associate Public IP" for each agent and relaunched with ec2-plugin:1.49 - brand new agents are working.

          Show
          jmkgreen James Green added a comment - I have checked the option "Associate Public IP" for each agent and relaunched with ec2-plugin:1.49 - brand new agents are working.

            People

            • Assignee:
              thoulen FABRIZIO MANFREDI
              Reporter:
              jmkgreen James Green
            • Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

              • Created:
                Updated: