Why am I not able to access Jenkins remotely? - jenkins

My jenkins has suddenly stopped being accessed from a remote machine. I have tried the following command to open it from another machines:
java -jar jenkins.war --httpPort=8085 --httpListenAddresss=0.0.0.0
and then I am tried to open it using
http://hostname:8085
And
http://ip:8085
but I am not able to access it. To launch the slave on other machine I need to have access to that url.
note: I am able to ping to my host name from any remote machine.
I given access to all inbound and outbound connections from my firewall

You can see the correct URL in Nodes view:
Create dummy node with "Launch method" = "Launch agent via Java Web Start"
Save it
Choose this 'dummy' node
Jenkins should show you a command line with correct URL, i.e.
java -jar slave.jar -jnlpUrl http://myjenkinsserver:8080/computer/dummy/slave-agent.jnlp -secret c159219e557d0e612371b97d86f9a319584cf1c53b8ab9df73f34b46eed8865c

Related

SEVERE: https://jenkins.domainname.com/tcpSlaveAgentListener/ appears to be publishing an invalid X-Instance-Identity

We're trying to connect a previously connected agent to a Jenkins server.
We get the following error:
SEVERE: https://jenkins.domainname.com/tcpSlaveAgentListener/ appears to be publishing an invalid X-Instance-Identity.
java.io.IOException: https://jenkins.domainname.com/tcpSlaveAgentListener/ appears to be publishing an invalid X-Instance-Identity.
at org.jenkinsci.remoting.engine.JnlpAgentEndpointResolver.resolve(JnlpAgentEndpointResolver.java:287)
at hudson.remoting.Engine.innerRun(Engine.java:694)
at hudson.remoting.Engine.run(Engine.java:519)
The command to run the agent is:
java -jar agent.jar -jnlpUrl http://${private_ip}:8080/computer/mac/slave-agent.jnlp -secret ${secret} -workDir "/var/jenkins-sign"
We're running on a MacOS.
All TCP ports are open internally between the mac and the ${private_ip}. I have telnet working.
As said, this agent was recently connected to the server, but the agent had a restart. We also upgraded the Jenkins server to latest available version.
I updated the agent.jar file.
I think it's related to contacting ${private_ip} while the X-Instance-Identit says "jenkins.dommainame.com", but I am not sure how to resolve it.
I only saw that there were recently changes in this area, but not a lot of helpful information other than that.
Does anyone have an idea?
In case anyone else runs into the issue, in my case it was because I was passing the entire URL, i.e.
http://someurl/jenkins/computer/test/slave-agent.jnlp
and what it really wanted was
http://someurl/jenkins/
Unfortunately, I think it's related to Jenkins upgrade that caused this, and I'm not sure there's a better solution than what I found.
Putting here my solution, but if anyone knows something better, I'd be happy to hear about it :)
Download the agent.jar
Download the slave-agent.jnlp and modify it:
Change all occurrences of https://jenkins.mydomain.com to http://[private_ip]:[port].
Start the process: java -jar agent.jar -jnlpUrl "file:/path/to/dir/slave-agent.jnlp" -workDir "/path/to/dir"
Do not add the secret to this command.
If you're using Jenkins agent as a service, remove the -secret argument from the file.
Set global environment variable jenkins.agent.inboundUrl to your private adderess (with http/https) + port + suffix (if set).
This value will be used as url in JNLP file. This enables using a private address for inbound tcp agents, separate from Jenkins root URL.
see: https://issues.jenkins.io/browse/JENKINS-63222

Why can't I set up a jenkins agent on the same machine as the master (WIndows 10), Jenkins on localhost?

Can't set up an agent on the same machine as the master node in Jenkins. The Jenkins instance is on localhost as is the agent. The main problem I'm getting is:
at
yah de yah.....
at java.lang.Thread.run(Unknown Source)
Caused by: java.net.UnknownHostException: http://192.168.0.1:8080/
Here's what I tried:
1 - Configure agent launched via ssh, Host is http://192.168.0.1:8080/ (also tried 127.0.0.1 and localhost here but the URL in Jenkins config is as shown) with Jenkins admin password. Used 'Known host file Verification Strategy' Advanced setting uses port 22. Tried Jenkins Global Security settings with fixed port 22, 50000 and random port setting.
Also toggled Windows OpenSSH for client and server with the above combinations.
Configure agent by Connecting it to the master; other options as default. Got 'Agent is offline because Jenkins failed to launch the agent process' and got the 'Launch' button for webstart. Clicked on that; nothing happened (that I saw) but the file did appear in my downloads folder.
Copied the file to another directory, opened a command window in that directory and entered the 'headless' command shown in the window with the webstart button. Got:
Error: Unable to access jarfile agent.jar
Seems no matter what I try I can't connect to http://192.168.0.1:8080/
Is this some sort of tunneling issue where I need to expose localhost even though I'm not going over the Internet? I needed to do that to get my localhost Jenkins install to talk to GitHub.
Been reading numerous articles,watched videos - seems most of the material out there is for a 'real' use of creating agents on separate machines.
Any advice would be MOST appreciated.

Getting 401 Unauthorized error while trying to launch Jenkins slave via command line through JNLP using -secret option

I am trying to launch my Jenkins slave via command line through JNLP, so that I can put the command in the task scheduler. However, I am facing authentication issues only when I use the -secret option with the secret key generated by Jenkins. Works fine if I pass the -auth option with the same username password that I use for Jenkins.
java -jar slave.jar -jnlpUrl http://<jenkins host>:<port>/jenkins/computer/<Slave name>/slave-agent.jnlp -secret <secret_key> -workDir "C:\Jenkins\Robot"
Note: the command I try to execute is as is copied from Jenkins page.
It gives following error:
org.jenkinsci.remoting.engine.WorkDirManager initializeWorkDirINFO: Using C:\Jenkins\Robot\remoting as a remoting work directory Both error and output logs will be printed to C:\Jenkins\Robot\remoting Not use http_proxy property or environment variable which is invalid: unknown protocol: one.proxy.att.com Failing to obtain http://<host:port>/jenkins/computer/<job>/slave-agent.jnlp?encrypt=true
java.io.IOException: Failed to load http://<host:port>/jenkins/computer/<job>//slave-agent.jnlp?encrypt=true: 401 Unauthorized
at hudson.remoting.Launcher.parseJnlpArguments(Launcher.java:485)
at hudson.remoting.Launcher.run(Launcher.java:316)
at hudson.remoting.Launcher.main(Launcher.java:277)
Waiting 10 seconds before retry
However, if I change command as follows, it runs successfully.
java -jar slave.jar -jnlpUrl http://<jenkins host>:<port>/jenkins/computer/<Slave name>/slave-agent.jnlp/slave-agent.jnlp -auth <user>:<pass> -workDir "C:\Jenkins\Robot"
I cannot keep my credentials in the launch file as this will remain in public shared repository. Pls help.
I think that your issue may come from a security management.
Have you enable TCP port for JNLP agents in your Global Security ?
Go to Manage Jenkins > Global Security, Enable TCP port for JNLP agents, select Fixed and fill the port you used in your jnlpUrl, then select Java Web Start Agent Protocol/4 and save your config.
Further documentation here.
I had a similar problem. I resolved it by allowing anonymous access to Jenkins (the option is available in Manage Jenkins page, Kerberos properties section - we use Kerberos Single Sign-On plugin for Jenkins authentication, so not sure how would other authentication plugins work).
I'd also recommend limiting the scope of anonymous access if you enable it.

Jenkins Build Slave - Connection not possible

I would like to connected via JNLP to the Master Jenkins server and getting always following error
Failing to obtain https://<master-server>/buildserver/computer/CaptainBrowser/slave-agent.jnlp?encrypt=true
java.io.IOException: https://<master-server>/buildserver/computer/CaptainBrowser/slave-agent.jnlp?encrypt=true doesn't look like a JNLP file; content type was text/html; charset=iso-8859-1
at hudson.remoting.Launcher.parseJnlpArguments(Launcher.java:306)
at hudson.remoting.Launcher.run(Launcher.java:219)
at hudson.remoting.Launcher.main(Launcher.java:192)
I had a similar problem. For me the issue was that the Jenkins URL in 'Configure System' was set to 'http://...' instead of 'https://...'. This meant that when I set up a node, it showed the java command to run to be also use http. E.g it said
java -jar slave.jar -jnlpUrl http:///computer//slave-agent.jnlp -secret
Running it yielded
'Failing to obtain http:///computer//slave-agent.jnlp?encrypt=true'
Changing the server URL to 'https' enabled it to work for me. It changed the command for a Jenkins node to be a 'https' URL and running that worked.
Goto jenkins --> Manage jenkins --> configure system --> http://yoursystem ip:8080/ Make sue it will be http not https. Manage Jenkins --> Global security--> Agent -->
TCP port select fixed 50000 and Inbound TCP Agent Protocol/4 (TLS encryption) under agent protocol
Create Agent node gain it will work
In my case, it started working after adding HTTPS protocol to my security group for EC2 machines. Then again run jnlp command on to jenkins slave terminal and it will be connected.

Issues with Jenkins 1.67 URL set up

I am trying to set a new Jenkins instance (version 1.67) on to a Windows Server 2012 r2.
I am trying to configure a custom URL instead of using
localhost:8080
etc..
I have set Jenkins URL as
NewServer.domainname.com
But I cannot access it via that url, I get presented with a message "Remote Web Access is turned off" it only allows me to connect when I follow the URL with the port number;
NewServer.domainname.com:8080
I am sure that Remote web access is completely different from what my goal is.
By default, Jenkins launches its own built-in webserver, listening on port 8080.
Changing the URL in the Jenkins configuration does not change the port that the running webserver listens on, but rather the URL that is shown within the UI, or in emails sent to users etc.
In order to access Jenkins at just NewServer.domainname.com (i.e. running on port 80), you would first have to disable Windows Remote Web Access, which is currently occupying port 80.
You would then need to stop Jenkins and start it again with the flag --httpPort=80; these options are documented on the Jenkins wiki.
If Jenkins was started as a Windows Service, you can edit the jenkins.xml file as shown in these answers.
Just wanted to say, after setting Jenkins.xml to run on port 80, and then via the Jenkins web interface using
'install as service'
I found that this process seemed to create a new jenkins.xml along with the default httpPort which is stored within the Jenkins.war.
I get around this I installed as a service, ensured that the service was not set to start on start up. Rebooted the machine
On start up I re-edited the jenkins.xml httpPort value back to 80. Started the service and now running very happy!

Resources