I'm not sure of what the proper steps are for configuring the Jenkins master to build/deploy these jobs to a new slave, and how to set up the new slave, but it is giving an error. For instance, do I need to install anything on the new slave, or do any kind of setup/config? & I'm configuring on Ubuntu OS.
just before slave node1 gets launched ...
executing pre-launch scripts ...
[06/25/15 13:06:55] [SSH] Opening SSH connection to 192.168.4.153:22.
ERROR: Server rejected the 1 private key(s) for jenkins (credentialId:fd3affc2-25a4-4b24-9e21-275badb8b6d9/method:publickey)
ERROR: Failed to authenticate as jenkins with credential=fd3affc2-25a4-4b24-9e21-275badb8b6d9
java.io.IOException: Publickey authentication failed.
at com.trilead.ssh2.auth.AuthenticationManager.authenticatePublicKey(AuthenticationManager.java:315)
at com.trilead.ssh2.Connection.authenticateWithPublicKey(Connection.java:467)
at com.cloudbees.jenkins.plugins.sshcredentials.impl.TrileadSSHPublicKeyAuthenticator.doAuthenticate(TrileadSSHPublicKeyAuthenticator.java:109)
at com.cloudbees.jenkins.plugins.sshcredentials.SSHAuthenticator.authenticate(SSHAuthenticator.java:408)
at com.cloudbees.jenkins.plugins.sshcredentials.SSHAuthenticator.authenticate(SSHAuthenticator.java:428)
at hudson.plugins.sshslaves.SSHLauncher.openConnection(SSHLauncher.java:1173)
at hudson.plugins.sshslaves.SSHLauncher$2.call(SSHLauncher.java:701)
at hudson.plugins.sshslaves.SSHLauncher$2.call(SSHLauncher.java:696)
at java.util.concurrent.FutureTask.run(FutureTask.java:262)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:745)
Caused by: java.io.IOException: Decrypted PEM has wrong padding, did you specify the correct password?
at com.trilead.ssh2.crypto.PEMDecoder.removePadding(PEMDecoder.java:110)
at com.trilead.ssh2.crypto.PEMDecoder.decryptPEM(PEMDecoder.java:287)
at com.trilead.ssh2.crypto.PEMDecoder.decode(PEMDecoder.java:320)
at com.trilead.ssh2.auth.AuthenticationManager.authenticatePublicKey(AuthenticationManager.java:224)
... 11 more
[06/25/15 13:06:55] [SSH] Authentication failed.
hudson.AbortException: Authentication failed.
at hudson.plugins.sshslaves.SSHLauncher.openConnection(SSHLauncher.java:1178)
at hudson.plugins.sshslaves.SSHLauncher$2.call(SSHLauncher.java:701)
at hudson.plugins.sshslaves.SSHLauncher$2.call(SSHLauncher.java:696)
at java.util.concurrent.FutureTask.run(FutureTask.java:262)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:745)
[06/25/15 13:06:55] Launch failed - cleaning up connection
[06/25/15 13:06:55] [SSH] Connection closed.
This article explains how to connect a slave to the master using the master public ssh key:
https://www.caktusgroup.com/blog/2012/01/10/configuring-jenkins-slave/
To resume:
Generate a public SSH key on the master: ssh-keygen -t rsa (with no paraphrase)
Copy the public master key from .ssh/id_rsa.pub
On the slave, paste the public key in /home/jenkins/.ssh/authorized_keys (if /home/jenkins is your home folder)
Please confirm it solves your issue.
The real issue in question is Caused by: java.io.IOException: Decrypted PEM has wrong padding, did you specify the correct password? so there maybe mistake in private key text or wrong passphrase.
In my case I've got an error PEM problem: it is of unknown type with key which looks like valid:
-----BEGIN RSA PRIVATE KEY-----
...
...
-----END RSA PRIVATE KEY----
but it's not valid because I've lost last "-" character when copy/paste private key from terminal, so the right form should be:
-----BEGIN RSA PRIVATE KEY-----
...
...
-----END RSA PRIVATE KEY-----
The .ssh directory on the agent must have proper access permissions so that group and others do not have write permissions. The following command should make it work:
chmod 700 ~/.ssh
Related
I am using Subversion plugin in Jenkins. My master machine (Windows) is unable to connect to SVN server (using Apache Subversion v1.7) via svn+ssh throwing exception
Running as SYSTEM
Building on master in workspace c:\Program Files (x86)\Jenkins\w4ManagerWorkspace
Updating svn+ssh://10.74.1.41/data/subversion/svn/tools/testComplete/trunk/W4Manager at revision '2022-12-01T10:31:08.582 +0100' --quiet
Using sole credentials arpc_ta/****** in realm ‘svn+ssh://10.74.1.41’
ERROR: Failed to update svn+ssh://10.74.1.41/data/subversion/svn/tools/testComplete/trunk/W4Manager
org.tmatesoft.svn.core.SVNException: svn: E210002: There was a problem while connecting to 10.74.1.41:22
at org.tmatesoft.svn.core.internal.wc.SVNErrorManager.error(SVNErrorManager.java:70)
at org.tmatesoft.svn.core.internal.wc.SVNErrorManager.error(SVNErrorManager.java:57)
at org.tmatesoft.svn.core.internal.io.svn.SVNSSHConnector.open(SVNSSHConnector.java:145)
at org.tmatesoft.svn.core.internal.io.svn.SVNConnection.open(SVNConnection.java:79)
at org.tmatesoft.svn.core.internal.io.svn.SVNRepositoryImpl.openConnection(SVNRepositoryImpl.java:1282)
at org.tmatesoft.svn.core.internal.io.svn.SVNRepositoryImpl.testConnection(SVNRepositoryImpl.java:100)
at org.tmatesoft.svn.core.io.SVNRepository.getRepositoryUUID(SVNRepository.java:268)
at org.tmatesoft.svn.core.internal.wc2.SvnRepositoryAccess.createRepository(SvnRepositoryAccess.java:103)
at org.tmatesoft.svn.core.internal.wc2.ng.SvnNgRepositoryAccess.createRepository(SvnNgRepositoryAccess.java:211)
at org.tmatesoft.svn.core.internal.wc2.ng.SvnNgAbstractUpdate.updateInternal(SvnNgAbstractUpdate.java:210)
at org.tmatesoft.svn.core.internal.wc2.ng.SvnNgAbstractUpdate.update(SvnNgAbstractUpdate.java:115)
at org.tmatesoft.svn.core.internal.wc2.ng.SvnNgUpdate.run(SvnNgUpdate.java:40)
at org.tmatesoft.svn.core.internal.wc2.ng.SvnNgUpdate.run(SvnNgUpdate.java:18)
at org.tmatesoft.svn.core.internal.wc2.ng.SvnNgOperationRunner.run(SvnNgOperationRunner.java:20)
at org.tmatesoft.svn.core.internal.wc2.SvnOperationRunner.run(SvnOperationRunner.java:21)
at org.tmatesoft.svn.core.wc2.SvnOperationFactory.run(SvnOperationFactory.java:1239)
at org.tmatesoft.svn.core.wc2.SvnOperation.run(SvnOperation.java:294)
at org.tmatesoft.svn.core.wc.SVNUpdateClient.doUpdate(SVNUpdateClient.java:311)
at org.tmatesoft.svn.core.wc.SVNUpdateClient.doUpdate(SVNUpdateClient.java:291)
at org.tmatesoft.svn.core.wc.SVNUpdateClient.doUpdate(SVNUpdateClient.java:387)
at hudson.scm.subversion.UpdateUpdater$TaskImpl.perform(UpdateUpdater.java:159)
at hudson.scm.subversion.WorkspaceUpdater$UpdateTask.delegateTo(WorkspaceUpdater.java:168)
at hudson.scm.SubversionSCM$CheckOutTask.perform(SubversionSCM.java:1064)
at hudson.scm.SubversionSCM$CheckOutTask.invoke(SubversionSCM.java:1040)
at hudson.scm.SubversionSCM$CheckOutTask.invoke(SubversionSCM.java:1013)
at hudson.FilePath.act(FilePath.java:1172)
at hudson.FilePath.act(FilePath.java:1155)
at hudson.scm.SubversionSCM.checkout(SubversionSCM.java:960)
at hudson.scm.SubversionSCM.checkout(SubversionSCM.java:883)
at hudson.scm.SCM.checkout(SCM.java:505)
at hudson.model.AbstractProject.checkout(AbstractProject.java:1213)
at hudson.model.AbstractBuild$AbstractBuildExecution.defaultCheckout(AbstractBuild.java:637)
at jenkins.scm.SCMCheckoutStrategy.checkout(SCMCheckoutStrategy.java:85)
at hudson.model.AbstractBuild$AbstractBuildExecution.run(AbstractBuild.java:509)
at hudson.model.Run.execute(Run.java:1888)
at hudson.model.FreeStyleBuild.run(FreeStyleBuild.java:43)
at hudson.model.ResourceController.execute(ResourceController.java:99)
at hudson.model.Executor.run(Executor.java:431)
Caused by: java.io.IOException: There was a problem while connecting to 10.74.1.41:22
at com.trilead.ssh2.Connection.connect(Connection.java:781)
at org.tmatesoft.svn.core.internal.io.svn.ssh.SshHost.openConnection(SshHost.java:225)
at org.tmatesoft.svn.core.internal.io.svn.ssh.SshHost.openSession(SshHost.java:153)
at org.tmatesoft.svn.core.internal.io.svn.ssh.SshSessionPool.openSession(SshSessionPool.java:85)
at org.tmatesoft.svn.core.internal.io.svn.SVNSSHConnector.open(SVNSSHConnector.java:122)
... 35 more
Caused by: java.io.IOException: **Key exchange was not finished, connection is closed.**
at com.trilead.ssh2.transport.KexManager.getOrWaitForConnectionInfo(KexManager.java:95)
at com.trilead.ssh2.transport.TransportManager.getConnectionInfo(TransportManager.java:237)
at com.trilead.ssh2.Connection.connect(Connection.java:732)
... 39 more
Caused by: java.io.IOException: **Fatal error during MAC startup!**
at com.trilead.ssh2.transport.KexManager.finishKex(KexManager.java:298)
at com.trilead.ssh2.transport.KexManager.handleMessage(KexManager.java:571)
at com.trilead.ssh2.transport.TransportManager.receiveLoop(TransportManager.java:790)
at com.trilead.ssh2.transport.TransportManager$1.run(TransportManager.java:502)
at java.lang.Thread.run(Unknown Source)
ERROR: Subversion update failed
java.io.IOException: Fatal error during MAC startup!
at com.trilead.ssh2.transport.KexManager.finishKex(KexManager.java:298)
at com.trilead.ssh2.transport.KexManager.handleMessage(KexManager.java:571)
at com.trilead.ssh2.transport.TransportManager.receiveLoop(TransportManager.java:790)
at com.trilead.ssh2.transport.TransportManager$1.run(TransportManager.java:502)
at java.lang.Thread.run(Unknown Source)
Caused: java.io.IOException: Key exchange was not finished, connection is closed.
at com.trilead.ssh2.transport.KexManager.getOrWaitForConnectionInfo(KexManager.java:95)
at com.trilead.ssh2.transport.TransportManager.getConnectionInfo(TransportManager.java:237)
at com.trilead.ssh2.Connection.connect(Connection.java:732)
Caused: java.io.IOException: There was a problem while connecting to 10.74.1.41:22
at com.trilead.ssh2.Connection.connect(Connection.java:781)
at org.tmatesoft.svn.core.internal.io.svn.ssh.SshHost.openConnection(SshHost.java:225)
at org.tmatesoft.svn.core.internal.io.svn.ssh.SshHost.openSession(SshHost.java:153)
at org.tmatesoft.svn.core.internal.io.svn.ssh.SshSessionPool.openSession(SshSessionPool.java:85)
at org.tmatesoft.svn.core.internal.io.svn.SVNSSHConnector.open(SVNSSHConnector.java:122)
Caused: org.tmatesoft.svn.core.SVNException: svn: E210002: There was a problem while connecting to 10.74.1.41:22
at org.tmatesoft.svn.core.internal.wc.SVNErrorManager.error(SVNErrorManager.java:70)
at org.tmatesoft.svn.core.internal.wc.SVNErrorManager.error(SVNErrorManager.java:57)
at org.tmatesoft.svn.core.internal.io.svn.SVNSSHConnector.open(SVNSSHConnector.java:145)
at org.tmatesoft.svn.core.internal.io.svn.SVNConnection.open(SVNConnection.java:79)
at org.tmatesoft.svn.core.internal.io.svn.SVNRepositoryImpl.openConnection(SVNRepositoryImpl.java:1282)
at org.tmatesoft.svn.core.internal.io.svn.SVNRepositoryImpl.testConnection(SVNRepositoryImpl.java:100)
at org.tmatesoft.svn.core.io.SVNRepository.getRepositoryUUID(SVNRepository.java:268)
at org.tmatesoft.svn.core.internal.wc2.SvnRepositoryAccess.createRepository(SvnRepositoryAccess.java:103)
at org.tmatesoft.svn.core.internal.wc2.ng.SvnNgRepositoryAccess.createRepository(SvnNgRepositoryAccess.java:211)
at org.tmatesoft.svn.core.internal.wc2.ng.SvnNgAbstractUpdate.updateInternal(SvnNgAbstractUpdate.java:210)
at org.tmatesoft.svn.core.internal.wc2.ng.SvnNgAbstractUpdate.update(SvnNgAbstractUpdate.java:115)
at org.tmatesoft.svn.core.internal.wc2.ng.SvnNgUpdate.run(SvnNgUpdate.java:40)
at org.tmatesoft.svn.core.internal.wc2.ng.SvnNgUpdate.run(SvnNgUpdate.java:18)
at org.tmatesoft.svn.core.internal.wc2.ng.SvnNgOperationRunner.run(SvnNgOperationRunner.java:20)
at org.tmatesoft.svn.core.internal.wc2.SvnOperationRunner.run(SvnOperationRunner.java:21)
at org.tmatesoft.svn.core.wc2.SvnOperationFactory.run(SvnOperationFactory.java:1239)
at org.tmatesoft.svn.core.wc2.SvnOperation.run(SvnOperation.java:294)
at org.tmatesoft.svn.core.wc.SVNUpdateClient.doUpdate(SVNUpdateClient.java:311)
at org.tmatesoft.svn.core.wc.SVNUpdateClient.doUpdate(SVNUpdateClient.java:291)
at org.tmatesoft.svn.core.wc.SVNUpdateClient.doUpdate(SVNUpdateClient.java:387)
at hudson.scm.subversion.UpdateUpdater$TaskImpl.perform(UpdateUpdater.java:159)
Caused: hudson.scm.subversion.UpdaterException: failed to perform svn update
Caused: java.io.IOException
at hudson.scm.subversion.UpdateUpdater$TaskImpl.perform(UpdateUpdater.java:214)
at hudson.scm.subversion.WorkspaceUpdater$UpdateTask.delegateTo(WorkspaceUpdater.java:168)
at hudson.scm.SubversionSCM$CheckOutTask.perform(SubversionSCM.java:1064)
at hudson.scm.SubversionSCM$CheckOutTask.invoke(SubversionSCM.java:1040)
at hudson.scm.SubversionSCM$CheckOutTask.invoke(SubversionSCM.java:1013)
at hudson.FilePath.act(FilePath.java:1172)
at hudson.FilePath.act(FilePath.java:1155)
at hudson.scm.SubversionSCM.checkout(SubversionSCM.java:960)
at hudson.scm.SubversionSCM.checkout(SubversionSCM.java:883)
at hudson.scm.SCM.checkout(SCM.java:505)
at hudson.model.AbstractProject.checkout(AbstractProject.java:1213)
at hudson.model.AbstractBuild$AbstractBuildExecution.defaultCheckout(AbstractBuild.java:637)
at jenkins.scm.SCMCheckoutStrategy.checkout(SCMCheckoutStrategy.java:85)
at hudson.model.AbstractBuild$AbstractBuildExecution.run(AbstractBuild.java:509)
at hudson.model.Run.execute(Run.java:1888)
at hudson.model.FreeStyleBuild.run(FreeStyleBuild.java:43)
at hudson.model.ResourceController.execute(ResourceController.java:99)
at hudson.model.Executor.run(Executor.java:431)
[Checks API] No suitable checks publisher found.
Finished: FAILURE
The same Jenkins project run from slave machine is successful. On my slave machine Jenkins is running as windows service.
Running as SYSTEM
Building remotely on slaveMachine (slave_1) in workspace c:\Program Files (x86)\Jenkins\w4ManagerWorkspace
Updating svn+ssh://10.74.1.41/data/subversion/svn/tools/testComplete/trunk/W4Manager at revision '2022-12-01T12:30:51.663 +0100' --quiet
Using sole credentials arpc_ta/****** in realm ‘svn+ssh://10.74.1.41’
Using sole credentials arpc_ta/****** in realm ‘svn+ssh://10.74.1.41’
At revision 7401
In projects configuration in Jenkins is shown, that something is not in order with message "Unable to access the repository"
However, when I run the same project on my slave machine, the connection is successful, and Jenkins does not show in console any error. svn update command finishes successfully. Both my master and slave machines are Windows server VMs with. Connection from master to SVN from TortoiseSVN is successful, and I am able to checkout the repository. I used SVN few years without problems, Subversion plugin was just installed to Jenkins.
Found similar issues e.g. Jenkins Master-Slave: Key exchange was not finished, connection is closed or https://support.tmatesoft.com/t/svn-e210002-svnkit-doesnt-connect-to-remote-repository/2480/13, with solution to edit config file /etc/ssh/sshd_config on svn server, but I don't think that can be the issue, since from slave machine the connection is successful. I checked also Java version, they are the same on both windows servers.
Tried also different credential types, public key authentication and user/pw from scm console of Jenkins [jenkinsUrl]/scm/SubversionSCM/enterCredential but it throws the same error, just from the line Fatal error during MAC startup!
edit: On SVN server in /var/log/secure there is Connection closed message from my master machine (10.74.37.1), no other error or details. From slave machine (10.74.37.28) the connection is accepted
Dec 5 14:47:11 xlcppt28 sshd[24808]: Connection closed by 10.74.37.1 port 57664 [preauth]
Dec 5 14:47:13 xlcppt28 sshd[24811]: Accepted password for arpc_ta from 10.74.37.28 port 57941 ssh2
Dec 5 14:47:13 xlcppt28 sshd[24811]: pam_unix(sshd:session): session opened for user arpc_ta by (uid=0)
Problem was resolved with updating Jenkins and then every plugin in Jenkins (as my Jenkins server is offline, that wasn't 2 clicks..) I also updated Java.
Configured Node:
Launch method: Launchagents via SSH
Host: host
Credentials: added a new one by specifying username and Private key
Host Key Verification Strategy: Not verifying (The error does not differ when choosing a different value)
When I try to connect, I get an error:
[08/24/22 14:39:14] [SSH] Opening SSH connection to host:22.
[08/24/22 14:39:14] [SSH] WARNING: SSH Host Keys are not being verified. Man-in-the-middle attacks may be possible against this connection.
ERROR: Server rejected the 1 private key(s) for cred_name (credentialId:cred_name/method:publickey)
ERROR: Failed to authenticate as cred_name with credential=cred_name
java.io.IOException: Publickey authentication failed.
at com.trilead.ssh2.auth.AuthenticationManager.authenticatePublicKey(AuthenticationManager.java:349)
at com.trilead.ssh2.Connection.authenticateWithPublicKey(Connection.java:472)
at com.cloudbees.jenkins.plugins.sshcredentials.impl.TrileadSSHPublicKeyAuthenticator.doAuthenticate(TrileadSSHPublicKeyAuthenticator.java:110)
at com.cloudbees.jenkins.plugins.sshcredentials.SSHAuthenticator.authenticate(SSHAuthenticator.java:431)
at com.cloudbees.jenkins.plugins.sshcredentials.SSHAuthenticator.authenticate(SSHAuthenticator.java:468)
at hudson.plugins.sshslaves.SSHLauncher.openConnection(SSHLauncher.java:881)
at hudson.plugins.sshslaves.SSHLauncher.lambda$launch$0(SSHLauncher.java:434)
at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
at java.base/java.lang.Thread.run(Thread.java:833)
Caused by: java.io.IOException: Could not generate signature
at com.trilead.ssh2.signature.KeyAlgorithm.generateSignature(KeyAlgorithm.java:43)
at com.trilead.ssh2.auth.AuthenticationManager.authenticatePublicKey(AuthenticationManager.java:316)
... 10 more
Caused by: java.security.SignatureException: Could not sign data
at java.base/sun.security.rsa.RSASignature.engineSign(RSASignature.java:196)
at java.base/java.security.Signature$Delegate.engineSign(Signature.java:1423)
at java.base/java.security.Signature.sign(Signature.java:712)
at com.trilead.ssh2.signature.KeyAlgorithm.generateSignature(KeyAlgorithm.java:41)
... 11 more
Caused by: javax.crypto.BadPaddingException: RSA private key operation failed
at java.base/sun.security.rsa.RSACore.crtCrypt(RSACore.java:209)
at java.base/sun.security.rsa.RSACore.rsa(RSACore.java:130)
at java.base/sun.security.rsa.RSASignature.engineSign(RSASignature.java:193)
... 14 more
[08/24/22 14:39:14] [SSH] Authentication failed.
From the machine on which Jenkins is installed, I can connect to a remote one using:
ssh name#host -p 22
All the solutions I found to this issue were solved through the console under the user Jenkins
But how to solve this issue using the jenkins UI, because the connection to the previously created Node is active, the problems are only with this. Maybe he indicated something wrong
The private key was created using:
ssh-keygen -t rsa
I took the key from rsa_id
I had the same issue. I think it's a bug.
I changed the type of ssh-key to ed25519 and it worked.
ssh-keygen -t ed25519
I did the setup of the Cosmos DB emulator on the local machine, and started with the following parameters:
/port=443 /AllowNetworkAccess /Key=<CosmosPrimaryKey>
And currently, it is accessible via https://<LocalMachineIP>/
When I tried to make a curl request from the docker Redhat container (using docker image: confluentinc/cp-kafka-connect) it throws the below error:
curl: (60) SSL certificate problem: self signed certificate
More details here: https://curl.haxx.se/docs/sslcerts.html
curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
And when trying to crate cosmos DB source connector it throws the below error:
[20 10:37:45,018] ERROR Client initialization failed. Check if the endpoint is reachable and if your auth token is valid. More info: https://aka.ms/cosmosdb-tsg-service-unavailable-java (com.azure.cosmos.implementation.RxDocumentClientImpl)
[2022-05-20 10:37:45,079] ERROR unexpected failure in initializing client. (com.azure.cosmos.implementation.RxDocumentClientImpl)
java.lang.RuntimeException: Client initialization failed. Check if the endpoint is reachable and if your auth token is valid. More info: https://aka.ms/cosmosdb-tsg-service-unavailable-java
at com.azure.cosmos.implementation.RxDocumentClientImpl.initializeGatewayConfigurationReader(RxDocumentClientImpl.java:401)
.......
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
at java.base/java.lang.Thread.run(Thread.java:829)
[2022-05-20 10:37:45,095] WARN [8e2a220b, L:/172.25.0.6:57076 ! R:/192.168.154.131:443] The connection observed an error (reactor.netty.http.client.HttpClientConnect)
shaded.io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at shaded.io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:477)
..........
at shaded.io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:986)
at shaded.io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74)
at shaded.io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
at java.base/java.lang.Thread.run(Thread.java:829)
Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131)
.........
at shaded.io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1283)
at shaded.io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:507)
at shaded.io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:446)
... 17 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439)
.....................
at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335)
... 31 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at java.base/sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
at java.base/sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
at java.base/java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297)
at java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434)
... 37 more
I have exported the cosmos emulator .cer file using this article.
How to install it in the Docker container "kafka-connect"?
Can you post your curl request?
You need to use the -k flag to denote that it’s insecure.
curl -k https://{emulatoripaddr}:8081/_explorer/emulator.pem > emulatorcert.crt
It needs to be .crt
Then copy it to
/usr/local/share/ca-certificates/
Then install it
update-ca-certificates
Additionally you can mount a volume to the cosmos folder and save the .pem manually… /tmp/cosmos/appdata
i have CA cert password protected in my docker. How can i supply the password. I can't even go into my docker to set the password of ssl based on reference from
https://www.elastic.co/guide/en/elasticsearch/reference/current/security-basic-setup.html#generate-certificates
where i need do below
/bin/elasticsearch-keystore add xpack.security.transport.ssl.keystore.secure_password
./bin/elasticsearch-keystore add
xpack.security.transport.ssl.truststore.secure_password
Exception
"Caused by: org.elasticsearch.ElasticsearchSecurityException: failed to load SSL configuration [xpack.security.transport.ssl]",
"Caused by: org.elasticsearch.ElasticsearchException: failed to initialize SSL TrustManager",
"Caused by: java.io.IOException: keystore password was incorrect",
"Caused by: java.security.UnrecoverableKeyException: failed to decrypt safe contents entry: javax.crypto.BadPaddingException: Given final block not properly padded. Such issues can arise if a bad key is used during decryption.",
ElasticsearchSecurityException[failed to load SSL configuration [xpack.security.transport.ssl]]; nested: ElasticsearchException[failed to initialize SSL TrustManager]; nested: IOException[keystore password was incorrect]; nested: UnrecoverableKeyException[failed to decrypt safe contents entry: javax.crypto.BadPaddingException: Given final block not properly padded. Such issues can arise if a bad key is used during decryption.];
Likely root cause: java.security.UnrecoverableKeyException: failed to decrypt safe contents entry: javax.crypto.BadPaddingException: Given final block not properly padded. Such issues can arise if a bad key is used during decryption.
I have Box Master and Box Slave in AWS EC2 instances. I created jenkins user in Box Slave and I copied the master's public keys to slave. Now I created a new node in Jenkins Master. However, when I connect to slave using Launch agent via execution of command on master using command ssh -tt jenkins#10.15.0.10, it gives me the following error:
just before slave Services-Slave gets launched ...
executing pre-launch scripts ...
[06/26/17 16:25:28] Launching agent
$ ssh -tt jenkins#10.15.0.10
Welcome to Ubuntu 16.04.2 LTS (GNU/Linux 4.4.0-1020-aws x86_64)
* Documentation: https://help.ubuntu.com
* Management: https://landscape.canonical.com
* Support: https://ubuntu.com/advantage
Get cloud support with Ubuntu Advantage Cloud Guest:
http://www.ubuntu.com/business/services/cloud
5 packages can be updated.
0 updates are security updates.
Last login: Mon Jun 26 20:19:51 2017 from 10.15.0.5
<===[JENKINS REMOTING CAPACITY]===>To run a command as administrator (user "root"), use "sudo <command>".
See "man sudo_root" for details.
jenkins#ip-10-94-0-63:~$ <===[JENKINS REMOTING CAPACITY]===ERROR: Unable to launch the agent for Services-Slave
java.io.IOException: Invalid encoded sequence encountered: 08 08 08 08
at hudson.remoting.BinarySafeStream$1._read(BinarySafeStream.java:194)
at hudson.remoting.BinarySafeStream$1.read(BinarySafeStream.java:80)
at hudson.remoting.BinarySafeStream$1.read(BinarySafeStream.java:97)
at java.io.FilterInputStream.read(FilterInputStream.java:107)
at hudson.remoting.BinarySafeStream$1._read(BinarySafeStream.java:189)
at hudson.remoting.BinarySafeStream$1.read(BinarySafeStream.java:125)
at java.io.FilterInputStream.read(FilterInputStream.java:107)
at hudson.remoting.BinarySafeStream$1._read(BinarySafeStream.java:189)
at hudson.remoting.BinarySafeStream$1.read(BinarySafeStream.java:125)
at java.io.ObjectInputStream$PeekInputStream.read(ObjectInputStream.java:2338)
at java.io.ObjectInputStream$PeekInputStream.readFully(ObjectInputStream.java:2351)
at java.io.ObjectInputStream$BlockDataInputStream.readUTFBody(ObjectInputStream.java:3092)
at java.io.ObjectInputStream$BlockDataInputStream.readUTF(ObjectInputStream.java:2892)
at java.io.ObjectInputStream.readUTF(ObjectInputStream.java:1075)
at java.io.ObjectStreamClass.readNonProxy(ObjectStreamClass.java:684)
at java.io.ObjectInputStream.readClassDescriptor(ObjectInputStream.java:833)
at java.io.ObjectInputStream.readNonProxyDesc(ObjectInputStream.java:1609)
at java.io.ObjectInputStream.readClassDesc(ObjectInputStream.java:1521)
at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1781)
at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1353)
at java.io.ObjectInputStream.readObject(ObjectInputStream.java:373)
at hudson.remoting.Capability.read(Capability.java:140)
at hudson.remoting.ChannelBuilder.negotiate(ChannelBuilder.java:391)
at hudson.remoting.ChannelBuilder.build(ChannelBuilder.java:310)
at hudson.slaves.SlaveComputer.setChannel(SlaveComputer.java:389)
at hudson.slaves.CommandLauncher.launch(CommandLauncher.java:132)
at hudson.slaves.SlaveComputer$1.call(SlaveComputer.java:262)
at jenkins.util.ContextResettingExecutorService$2.call(ContextResettingExecutorService.java:46)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
If I run the same command from my username from master it is able to ssh successfully. Any idea why this is happening?
I tried giving the .pem file
I also did sudo -u jenkins. Nothing works.
Several things were going wrong here too, while configuring master-node communication. Somewhere it seemed like, master is caching the configurations for nodes. Sometimes removing and adding the node did work!
But in the end, this helped every-time.
https://docs.google.com/document/d/1Qq-EkiUnC5x8BuM4AZWo-yRUQTrkberzz8JfdCM6yuc/edit?pli=1