Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-63376

Casc plugin racing condition configuring a proxy

    Details

    • Type: Bug
    • Status: Open (View Workflow)
    • Priority: Minor
    • Resolution: Unresolved
    • Labels:
    • Environment:
    • Similar Issues:

      Description

      My environment is behind a corporate forward proxy. There is no direct access to the internet.
      With the CASC config split over two different yaml files:

      • 01_jenkins.yaml
      • 02_saml.yaml

      where 01_jenkins.yaml contains the proxy config:

      proxy:
        name: "proxy.x.y.z"
        noProxyHost: |-
          localhost
          169.254.169.254
        port: 8080

      and 02_saml.yaml containing a saml security realm:
      jenkins:
        securityRealm:
          saml:
      ...
            idpMetadataConfiguration:
              period: 0
              url: "${jenkins.test.saml.idp.metadata.url}"
      ...

      Starting Jenkins fails with a "connect timeout" exception because the saml plugin is unable to download the IDP metadata.

      The logs (see attached screenshot) show that the proxy is being configured(multiple entries for this) but then subsequently, an IOException is thrown since jenkins cannot download a metadatafile required for the saml plugin.

      This seems to be some racing condition where the proxy config is not yet persisted once the saml plugin tries to grab the IDP metadata.

      There is no issue with my config or starting Jenkins if I remove the 02_saml.yaml file and use a local Jenkins user in my security realm. In this case there are no errors in the logs and the proxy gets configured as expected.

      If I then add 02_saml.yaml and restart Jenkins so that the JCASC configuration get reloaded, everything works as expected.

      As a workaround, I now inject a file 'proxy.xml' directly in $JENKINS_HOME before starting Jenkins.

        Attachments

          Activity

          Hide
          chris_dw Chris DeVille added a comment -

          Anybody?

           

          Show
          chris_dw Chris DeVille added a comment - Anybody?  

            People

            • Assignee:
              Unassigned
              Reporter:
              chris_dw Chris DeVille
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated: