Jenkins master is running on Amazon instance and slave machine set up on dedicated Soyoustart machine. Worked fine until it was needed to redo the slave setup: reinstalled the OS, installed Java, added masters key to slave authorized_keys and removed/added again the slave in masters known_hosts. Set up new credentials for the slave and configured the node in Jenkins master but it is unable to connect to the slave.
The setup is the the same that is and has been working with other slaves without hiccups. The only thing different is that this time the new slave is the same machine with the IP as the old one was.
It is possible to ssh into the slave from master from CLI(replaced filename and slave IP with placeholder for this post):
$ ssh -i <key-file> jenkins#<slave-ip>
Credentials have been set up :
Node is configured:
Output when connecting to the slave:
[05/17/15 07:30:31] [SSH] Opening SSH connection to <slave-ip>.
Key exchange was not finished, connection is closed.
ERROR: Unexpected error in launching a slave. This is probably a bug in Jenkins.
java.lang.IllegalStateException: Connection is not established!
at com.trilead.ssh2.Connection.getRemainingAuthMethods(Connection.java:1030)
at com.cloudbees.jenkins.plugins.sshcredentials.impl.TrileadSSHPublicKeyAuthenticator.getRemainingAuthMethods(TrileadSSHPublicKeyAuthenticator.java:88)
at com.cloudbees.jenkins.plugins.sshcredentials.impl.TrileadSSHPublicKeyAuthenticator.canAuthenticate(TrileadSSHPublicKeyAuthenticator.java:80)
at com.cloudbees.jenkins.plugins.sshcredentials.SSHAuthenticator.newInstance(SSHAuthenticator.java:207)
at com.cloudbees.jenkins.plugins.sshcredentials.SSHAuthenticator.newInstance(SSHAuthenticator.java:169)
at hudson.plugins.sshslaves.SSHLauncher.openConnection(SSHLauncher.java:1173)
at hudson.plugins.sshslaves.SSHLauncher$2.call(SSHLauncher.java:701)
at hudson.plugins.sshslaves.SSHLauncher$2.call(SSHLauncher.java:696)
at java.util.concurrent.FutureTask.run(FutureTask.java:262)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:745)
[05/17/15 07:30:31] Launch failed - cleaning up connection
[05/17/15 07:30:31] [SSH] Connection closed.
Version numbers:
Jenkins 1.613
SSH Credentials Plugin 1.11
SSH Slaves plugin 1.9
For those who prefer to dig into code:
SSH Credentials Plugin
SSH Slave Plugin
Trilead SSH
Am I missing something obvious here? What could be causing this? Any known workaround? Or does it look like a bug that needs to be reported?
Please let me know if more information is needed.
I'm running Jenkins master using official Docker image which uses OpenJDK8 and should not need to install JCE.
Apparently this is an unresolved issue in Jenkins/SSH security.
My current workaround is by commenting out MACs and KexAlgorithm line in /etc/ssh/sshd_config of Jenkins Slave and restarting the sshd (service ssh restart on Ubuntu)
UPDATE: the issue has been resolved as of 2017-04-29
I suspect that you need to install the Java Cryptography Extension for your JVM.
Without that the RSA key size is limited and authentication is not being established.
See https://issues.jenkins-ci.org/browse/JENKINS-26495 for more details.
Related
while running the jenkins job I got above error, I found jenkins agent is active and connected to master. we used linux vm as a jenkins-agent(docker2). Java version is 1.8.0_222, jenkins version is 2.332.3. Please check the above error for more details.
I tried updating java version, restarted jenkins agent by killing jenkins process on vm, rebooted the respected vm(docker2) ,updated jenkins git plugin , ping the master node from agent node (docker), curl the git repo from agent machine (docker2).
Expecting to able to call docker2 agent and complete job configuration as expected.
please help me out of this, thank you in advance
I am trying to set up Jenkins to make a production deployment. The aim is to allow Jenkins execute git clone, build and deployment etc. on production server.
Jenkins is running on Configuration Management Server (CentOs 7) and Production Server is another Server (Centos 7).
I started by creating a new node in Jenkins with configuration below:
Then I added Production Server IP address to Jenkins known host like below
-bash-4.2$ cat /var/lib/jenkins/.ssh/known_hosts
192.168.1.xx ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYblabla=
And I confirmed that on Configuration Management server under Jenkins account I could ssh to Production Server.
But on Jenkins the node status is always like this:
This agent is offline because Jenkins failed to launch the agent process on it.
Node log was like this:
SSHLauncher{host='192.168.1.xx', port=22, credentialsId='service account at w', jvmOptions='', javaPath='', prefixStartSlaveCmd='', suffixStartSlaveCmd='', launchTimeoutSeconds=60, maxNumRetries=10, retryWaitTime=15, sshHostKeyVerificationStrategy=hudson.plugins.sshslaves.verifiers.NonVerifyingKeyVerificationStrategy, tcpNoDelay=true, trackCredentials=true}
[02/12/20 20:57:51] [SSH] Opening SSH connection to 192.168.1.xx:22.
[02/12/20 20:57:51] [SSH] WARNING: SSH Host Keys are not being verified. Man-in-the-middle attacks may be possible against this connection.
ERROR: Server rejected the 1 private key(s) for service_account (credentialId:service_account at webi/method:publickey)
[02/12/20 20:57:51] [SSH] Authentication failed.
Authentication failed.
[02/12/20 20:57:51] Launch failed - cleaning up connection
[02/12/20 20:57:51] [SSH] Connection closed.
Could anybody help with following questions:
Do I need to install Jenkins on Production Server as well?
How to configure Jenkins to run pipeline on
new node?
Okay I finally figured out:
There is no need to install Jenkins on Production Server;
The reason for SSH connection failure was wrong credentials for Jenkins set up. Essentially Jenkins will execute an SSH connection thus username/password should be used for this. so what I did was to create a new Credential and Jenkins will copy over a JAR file to /var/jenkins directory.
You would also need to change ownership of /var/jenkins directory!
I have installed a Jenkins master on my Mac OS, version is 2.90.
I have installed a Jenkins slave on my ubuntu, and created a user called jenkins at /home/jenkins.
I have copied my pub key from master to slave and using
ssh jenkins#slave_ip
I can login from master to slave with no password.
However, I cannot create a new slave at Jenkins, it has the following issues:
1. Launch method does not have option "Launch slave agents via SSH",therefore I cannot set credentials.
2. since launch method only has "Launch agent via execution of command on the master" and another option for windows, I input Launch command as: ssh -v jenkins#slave_ip.
but master cannot connect with slave.
To troubleshoot, I login slave manually, I see master does ssh to slave successfully. as it shows:
sudo tail -f /var/log/auth.log:
Nov 19 00:10:32 ip-172-31-18-180 sshd[8908]: Accepted publickey for
jenkins from my_master_ip port 62411 ssh2: RSA
80:23:0e:1b:34:c1:90:52:a6:df:d0:24:6f:10:80:73
Nov 19 00:10:32 ip-172-31-18-180 sshd[8908]: pam_unix(sshd:session):
session opened for user jenkins by (uid=0)
so I doubt maybe Jenkins credential is not set because master does not send private key to slave. (I do not have this option in my Jenkins UI)
what should I do? how to make Launch method option "Launch slave agents via SSH" show, so that I can input credential of master?
you should use Launch slave agents via SSH to connect the ubuntu as slave.
you should install https://wiki.jenkins.io/display/JENKINS/SSH+Slaves+plugin
than add the Host & Credentials
I'm currently playing around with Jenkins on Raspi within Docker (using dilgerm/rpi-jenkins image).
Now I have a problem with connecting to a Bitbucket Git repository.
When entering the repository url, I get (the commonly known) "Failed to connect to repository"
When using https and providing credentials (via Jenkins Credentials store), I get the error.
When using ssh and configuring the keys properly, I get the same error.
Now I am wondering if I have to configure the ssh-key withing the docker container (for the Jenkins user?). Currently, I have implemented the key on the hosting Raspi itself.
Or may it be required to configure/publish the ssl port of the Docker container on startup (-p parameter)?
Any help appreciated.
I tried today to configure my nodes in Jenkins with with docker 1.3.1, and Jenkins docker plugin v0.8.
The docker containers started successfully from jenkins but jenkins rejected them as the there were some echos in my bashrc.
I deleted these nodes manually from Docker server.
Now, I need to delete these nodes from jenkins and I cannot delete them. The delete operation simply hangs.
Any change to Jenkins configuration also hangs.
Any suggestions please?
Note:
tried using
1. Groovy console to delete Docker nodes
2. Tried using delete option from Manage jenkins -> nodes
3. Tried using Jenkins-cli script to delete these nodes.
Container logs
SSH connection reports a garbage before a command execution.
Check your .bashrc, .profile, and so on to make sure it is quiet.
The received junk text is as follows:
hudson.AbortException
at hudson.plugins.sshslaves.SSHLauncher.verifyNoHeaderJunk(SSHLauncher.java:854)
at hudson.plugins.sshslaves.SSHLauncher.access$100(SSHLauncher.java:134)
at hudson.plugins.sshslaves.SSHLauncher$2.call(SSHLauncher.java:698)
at hudson.plugins.sshslaves.SSHLauncher$2.call(SSHLauncher.java:691)
at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:334)
at java.util.concurrent.FutureTask.run(FutureTask.java:166)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1146)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:701)
[11/05/14 15:54:55] Launch failed - cleaning up connection
[11/05/14 15:54:55] [SSH] Connection closed.
Since any change in the configuration cannot be performed, I am totally stuck.
Manually removed elements from jenkins/config.xml and restarted jenkins