When launching a slave agent from a slave machine using the "Launch agent from browser on slave" option, it fails. It opens a window for slave-agent.jnlp and when opened with Java Web Start Launcher, it shows the launching application pop up and then another pop up comes with "Failed to Validate Certificate" message.
And the error details are:
java.security.cert.CertificateException:
java.security.cert.CertPathValidatorException:
java.security.InvalidKeyException: Wrong key usage
at com.sun.deploy.security.TrustDecider.isAllPermissionGranted(Unknown Source)
at com.sun.javaws.security.AppPolicy.grantUnrestrictedAccess(Unknown Source)
at com.sun.javaws.LaunchDownload.checkSignedResourcesHelper(Unknown Source)
at com.sun.javaws.LaunchDownload.checkSignedResources(Unknown Source)
at com.sun.javaws.Launcher.prepareResources(Unknown Source)
at com.sun.javaws.Launcher.prepareAllResources(Unknown Source)
at com.sun.javaws.Launcher.prepareToLaunch(Unknown Source)
at com.sun.javaws.Launcher.prepareToLaunch(Unknown Source)
at com.sun.javaws.Launcher.launch(Unknown Source)
at com.sun.javaws.Main.launchApp(Unknown Source)
at com.sun.javaws.Main.continueInSecureThread(Unknown Source)
at com.sun.javaws.Main$1.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Caused by: java.security.cert.CertPathValidatorException:
java.security.InvalidKeyException: Wrong key usage
at sun.security.provider.certpath.OCSPResponse.verifyResponse(Unknown Source)
at sun.security.provider.certpath.OCSPResponse.<init>(Unknown Source)
at sun.security.provider.certpath.OCSP.check(Unknown Source)
at sun.security.provider.certpath.OCSP.check(Unknown Source)
at com.sun.deploy.security.TrustDecider.doOCSPEEValidation(Unknown Source)
... 13 more
Caused by: java.security.InvalidKeyException: Wrong key usage
at java.security.Signature.initVerify(Unknown Source)
... 18 more
Whereas when I run the "if the slave is headless:" option it opens a command prompt and shows messages of getting connected to the master. The slave also shows online on the dashboard.
The master is on my local machine, and I connect to a remote machine (Windows XP) via VPN. I want to use this remote as slave as a Windows service rather than running through a command prompt. How can I do this?
After installing the Jenkins slave as a service, go to the configured "Remote root directory" on your slave, open the jenkins-slave.xml file in a text editor, add -noCertificateCheck to the end of the <arguments> tag, and restart the service. That should get rid of the certificate exception.
First, from the control panel select "Java". Select "Advanced" tab. Extend "Security". Ensure "Enable online certificate validation", and "Enable online certificate validation for publisher certificate only" are unchecked.
Then run the JNLP file. You need to create the Jenkins root directory if it does not exist.
Finally, follow #sschuberth's answer.
Related
I'm running Ubuntu on Oracle VM from my Windows 10 machine.
On Ubuntu, I'm running Jenkins in a docker container.
In this I've created a job which in which a I've added a SonarScanner build step.
In sonar configurations, I've mentioned a remote URL of my sonar server. Same URL can be opened in web browser without any problem.
I've also mentioned sonar project properties in the build step.
But when I execute the build, I get error, that jenkins is not able to connect sonar server.
But it's fishy since, I'm able to open same URL from my browser.
The jenkins setup & sonar configurations also seems to correct as same I've used in my native window's jenkins setup & it worked.
So I think it is something to do with VM, but not sure exactly what.
Any suggestions.
Also, on Ubuntu I'm working as a default user with admin access. (Not as root user)
Thank you
Error Trace:
10:34:27.358 ERROR: Error during SonarQube Scanner execution
org.sonarsource.scanner.api.internal.ScannerException: Unable to execute SonarQube
at org.sonarsource.scanner.api.internal.IsolatedLauncherFactory.lambda$createLauncher$0(IsolatedLauncherFactory.java:85)
at java.security.AccessController.doPrivileged(Native Method)
at org.sonarsource.scanner.api.internal.IsolatedLauncherFactory.createLauncher(IsolatedLauncherFactory.java:74)
at org.sonarsource.scanner.api.internal.IsolatedLauncherFactory.createLauncher(IsolatedLauncherFactory.java:70)
at org.sonarsource.scanner.api.EmbeddedScanner.doStart(EmbeddedScanner.java:167)
at org.sonarsource.scanner.api.EmbeddedScanner.start(EmbeddedScanner.java:113)
at org.sonarsource.scanner.cli.Main.execute(Main.java:73)
at org.sonarsource.scanner.cli.Main.main(Main.java:61)
Caused by: java.lang.IllegalStateException: Fail to get bootstrap index from server
at org.sonarsource.scanner.api.internal.BootstrapIndexDownloader.getIndex(BootstrapIndexDownloader.java:42)
at org.sonarsource.scanner.api.internal.JarDownloader.getScannerEngineFiles(JarDownloader.java:58)
at org.sonarsource.scanner.api.internal.JarDownloader.download(JarDownloader.java:53)
at org.sonarsource.scanner.api.internal.IsolatedLauncherFactory.lambda$createLauncher$0(IsolatedLauncherFactory.java:76)
... 7 more
Caused by: java.net.UnknownHostException: sonarqube.intranet.myhost.com: Name or service not known
at java.net.Inet4AddressImpl.lookupAllHostAddr(Native Method)
at java.net.InetAddress$2.lookupAllHostAddr(InetAddress.java:928)
at java.net.InetAddress.getAddressesFromNameService(InetAddress.java:1323)
at java.net.InetAddress.getAllByName0(InetAddress.java:1276)
at java.net.InetAddress.getAllByName(InetAddress.java:1192)
at java.net.InetAddress.getAllByName(InetAddress.java:1126)
at org.sonarsource.scanner.api.internal.shaded.okhttp.Dns$1.lookup(Dns.java:39)
at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.connection.RouteSelector.resetNextInetSocketAddress(RouteSelector.java:171)
at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.connection.RouteSelector.nextProxy(RouteSelector.java:137)
at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.connection.RouteSelector.next(RouteSelector.java:82)
at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.connection.StreamAllocation.findConnection(StreamAllocation.java:171)
at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.connection.StreamAllocation.findHealthyConnection(StreamAllocation.java:121)
at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.connection.StreamAllocation.newStream(StreamAllocation.java:100)
at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.connection.ConnectInterceptor.intercept(ConnectInterceptor.java:42)
at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:92)
at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:67)
at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.cache.CacheInterceptor.intercept(CacheInterceptor.java:93)
at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:92)
at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:67)
at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.http.BridgeInterceptor.intercept(BridgeInterceptor.java:93)
at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:92)
at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.http.RetryAndFollowUpInterceptor.intercept(RetryAndFollowUpInterceptor.java:120)
at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:92)
at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:67)
at org.sonarsource.scanner.api.internal.shaded.okhttp.RealCall.getResponseWithInterceptorChain(RealCall.java:185)
at org.sonarsource.scanner.api.internal.shaded.okhttp.RealCall.execute(RealCall.java:69)
at org.sonarsource.scanner.api.internal.ServerConnection.callUrl(ServerConnection.java:113)
at org.sonarsource.scanner.api.internal.ServerConnection.downloadString(ServerConnection.java:98)
at org.sonarsource.scanner.api.internal.BootstrapIndexDownloader.getIndex(BootstrapIndexDownloader.java:39)
... 10 more
WARN: Unable to locate 'report-task.txt' in the workspace. Did the SonarScanner succedeed?
ERROR: SonarQube scanner exited with non-zero code: 1
Finished: FAILURE
I am searching for a best practice for switching svn repo paths from many jenkins jobs at once.
We have many different jobs which all define an svn path and poll our svn repo every 5 minutes.
Normally we build all projects from their trunks (subversion plugin 2.7.1).
But sometimes for bugfix reasons we want to be able to build all or certain projects from predefined tags or branches.
This switch should be made on a global job level not in the actual jobs themselves.
I have defined a job which lists all svn paths for our projects (using List Subversion tags plugin).
When the job gets fired every selected path gets written into a properties file with a key-value pair like "SVN_Projectname=tags/TAGNAME".
When no subversion tag is selected for a project the default vaule "SVN_Projectname=trunk" is written to the file for that project.
This is running without any issues...
I created a test job with a textparameter called "SVN_Projectname" and used the envInject plugin option "Prepare an environment for the run" with "Override Build Parameters" to read the already existent properties file.
Also the subversion plugin is provided with the parameter "${SVN_Projectname}" for the read parameter value from file.
Additional credentials (realm and credentials) are also provided and polling is activated for that job too.
Running that job manually is no problem, but the actual value from the file is generating polling results of the following error (scm-polling.log):
Started on 11.10.2017 14:53:00
Received SCM poll call on master for XXX_TAG on 11.10.2017 14:53:00
ERROR: Failed to check repository revision for http://XXX/svn/repository_XXX/Project/tags/tagname
[8mha:AAAAWB+LCAAAAAAAAP9b85aBtbiIQSmjNKU4P08vOT+vOD8nVc8DzHWhSE4tKMnjz/PLL0ldFVf2c+b/lb8MDAwVRQxSaBqxXTRIIQMEMIIUFgAAckCEiWAAAAA=[0morg.tmatesoft.svn.core.SVNCancelException: svn: E200015: E200015: ISVNAuthentication provider did not provide credentials; HTTP authorization cancelled.
svn: E200015: ISVNAuthentication provider did not provide credentials; HTTP authorization cancelled.
at org.tmatesoft.svn.core.internal.wc.SVNErrorManager.error(SVNErrorManager.java:66)
at org.tmatesoft.svn.core.internal.wc.SVNErrorManager.error(SVNErrorManager.java:57)
at org.tmatesoft.svn.core.internal.io.dav.http.HTTPConnection.request(HTTPConnection.java:798)
at org.tmatesoft.svn.core.internal.io.dav.http.HTTPConnection.request(HTTPConnection.java:391)
at org.tmatesoft.svn.core.internal.io.dav.http.HTTPConnection.request(HTTPConnection.java:379)
at org.tmatesoft.svn.core.internal.io.dav.DAVConnection.performHttpRequest(DAVConnection.java:862)
at org.tmatesoft.svn.core.internal.io.dav.DAVConnection.exchangeCapabilities(DAVConnection.java:698)
at org.tmatesoft.svn.core.internal.io.dav.DAVConnection.open(DAVConnection.java:118)
at org.tmatesoft.svn.core.internal.io.dav.DAVRepository.openConnection(DAVRepository.java:1049)
at org.tmatesoft.svn.core.internal.io.dav.DAVRepository.getLatestRevision(DAVRepository.java:189)
at org.tmatesoft.svn.core.internal.wc2.ng.SvnNgRepositoryAccess.getRevisionNumber(SvnNgRepositoryAccess.java:119)
at org.tmatesoft.svn.core.internal.wc2.SvnRepositoryAccess.getLocations(SvnRepositoryAccess.java:195)
at org.tmatesoft.svn.core.internal.wc2.ng.SvnNgRepositoryAccess.createRepositoryFor(SvnNgRepositoryAccess.java:46)
at org.tmatesoft.svn.core.internal.wc2.remote.SvnRemoteGetInfo.run(SvnRemoteGetInfo.java:46)
at org.tmatesoft.svn.core.internal.wc2.remote.SvnRemoteGetInfo.run(SvnRemoteGetInfo.java:31)
at org.tmatesoft.svn.core.internal.wc2.SvnOperationRunner.run(SvnOperationRunner.java:21)
at org.tmatesoft.svn.core.wc2.SvnOperationFactory.run(SvnOperationFactory.java:1235)
at org.tmatesoft.svn.core.wc2.SvnOperation.run(SvnOperation.java:294)
at org.tmatesoft.svn.core.wc.SVNWCClient.doInfo(SVNWCClient.java:2535)
at hudson.scm.SubversionSCM.parseSvnInfo(SubversionSCM.java:1228)
at hudson.scm.CompareAgainstBaselineCallable.call(CompareAgainstBaselineCallable.java:79)
at hudson.scm.CompareAgainstBaselineCallable.call(CompareAgainstBaselineCallable.java:27)
at hudson.remoting.LocalChannel.call(LocalChannel.java:45)
at hudson.scm.SubversionSCM.compareRemoteRevisionWith(SubversionSCM.java:1425)
at hudson.scm.SCM.compareRemoteRevisionWith(SCM.java:391)
at hudson.scm.SCM.poll(SCM.java:408)
at hudson.model.AbstractProject._poll(AbstractProject.java:1460)
at hudson.model.AbstractProject.poll(AbstractProject.java:1363)
at jenkins.triggers.SCMTriggerItem$SCMTriggerItems$Bridge.poll(SCMTriggerItem.java:128)
at hudson.triggers.SCMTrigger$Runner.runPolling(SCMTrigger.java:557)
at hudson.triggers.SCMTrigger$Runner.run(SCMTrigger.java:603)
at hudson.util.SequentialExecutionQueue$QueueEntry.run(SequentialExecutionQueue.java:119)
at java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source)
at java.util.concurrent.FutureTask.run(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Caused by: org.tmatesoft.svn.core.SVNCancelException: svn: E200015: ISVNAuthentication provider did not provide credentials; HTTP authorization cancelled.
at org.tmatesoft.svn.core.internal.io.dav.http.HTTPConnection.request(HTTPConnection.java:728)
... 34 more
Done. Took 0,17 sec
No changes
While i have provided all credentials to the job and starting the job manually, there is no problem. I dont understand what the actual problem is...
Or is there a better way of automating such a behavior?
Maybe manipulating the projects config.xmls with a changed svn path is a possibility?
But then jenkins service would have to be restarted? and i would prefer to make the change on the fly ^^
I am trying to get my Jenkins publish files over ssh. I use pipeline scripts, that is because I have to use the ssh agent. But I am not able to configure it correctly, it is always throwing an exception. This is what I did so far for debugging:
I configured ssh credentials on the "Publish over SSH" part in global settings and as credentials (SSH Username with private key).
I use a file on the master without passphrase.
I created a freestyle job and configured the "Publish SSH"-Plugin to make an "ls" on the remote machine. This works.
I checked the box to use "ssh agent", but this leads to an exception:
[ssh-agent] Looking for ssh-agent implementation...
[ssh-agent] Java/JNR ssh-agent
[ssh-agent] Skipped registering BouncyCastle, not running on a remote agent
[ssh-agent] Started.
[ssh-agent] Unable to read key: Unable to create OpenSSL PBDKF: Could not generate secret key
org.bouncycastle.openssl.PEMException: Unable to create OpenSSL PBDKF: Could not generate secret key
at org.bouncycastle.openssl.jcajce.PEMUtilities.getKey(Unknown Source)
at org.bouncycastle.openssl.jcajce.PEMUtilities.getKey(Unknown Source)
at org.bouncycastle.openssl.jcajce.PEMUtilities.crypt(Unknown Source)
at org.bouncycastle.openssl.jcajce.JcePEMDecryptorProviderBuilder$1$1.decrypt(Unknown Source)
at org.bouncycastle.openssl.PEMEncryptedKeyPair.decryptKeyPair(Unknown Source)
at jenkins.bouncycastle.api.PEMEncodable.decode(PEMEncodable.java:162)
at com.cloudbees.jenkins.plugins.sshagent.jna.JNRRemoteAgent.addIdentity(JNRRemoteAgent.java:79)
at com.cloudbees.jenkins.plugins.sshagent.SSHAgentBuildWrapper$SSHAgentEnvironment.add(SSHAgentBuildWrapper.java:395)
at com.cloudbees.jenkins.plugins.sshagent.SSHAgentBuildWrapper.preCheckout(SSHAgentBuildWrapper.java:229)
at jenkins.scm.SCMCheckoutStrategy.preCheckout(SCMCheckoutStrategy.java:76)
at hudson.model.AbstractBuild$AbstractBuildExecution.run(AbstractBuild.java:528)
at hudson.model.Run.execute(Run.java:1741)
at hudson.model.FreeStyleBuild.run(FreeStyleBuild.java:43)
at hudson.model.ResourceController.execute(ResourceController.java:98)
at hudson.model.Executor.run(Executor.java:410)
Caused by: java.security.spec.InvalidKeySpecException: Could not generate secret key
at javax.crypto.SecretKeyFactory.generateSecret(SecretKeyFactory.java:347)
... 15 more
Caused by: java.lang.IllegalArgumentException: password empty
at org.bouncycastle.jcajce.provider.symmetric.OpenSSLPBKDF$PBKDF.engineGenerateSecret(Unknown Source)
at javax.crypto.SecretKeyFactory.generateSecret(SecretKeyFactory.java:336)
... 15 more
I tried to type some dummy passphrase, this leads to a different exception (something with "check your credentials").
I tried to set the path for the key file to something different, this leads to a third exception (Like FileNotFound)
There is no difference between running on master or slave.
The error message "password empty" looks as if the empty passphrase makes problems - but the "publish over ssh" plugin has no problems with it, so I think it should be ok like this.
I have no idea what else I could check. I am near to create a freestyle job with "publish over ssh" which is triggered by my pipeline job... but seriously this is not the way it should be done?...
I am trying to trigger builds automatically when a commit is made using the BitBucket plugin. I seem to have things setup correctly with the Web Hook and checking the box in the project to "Build when a change is pushed to BitBucket".
When I commit, I am seeing a message in the BitBucket Hook Log showing the last built revision and then it shows a command > git.exe ls-remote -h {repo} # timeout=10. In the system log, it shows "Triggering BitBucket job {JobName}". However, the build never starts. After about 10 minutes, the following error gets logged in the BitBucket Hook Log:
ERROR: Timeout after 10 minutes
ERROR: Failed to join a process
org.jvnet.winp.WinpException: Failed to read environment variable table error=299 at .\envvar-cmdline.cpp:201
at org.jvnet.winp.Native.getCmdLineAndEnvVars(Native Method)
at org.jvnet.winp.WinProcess.parseCmdLineAndEnvVars(WinProcess.java:126)
at org.jvnet.winp.WinProcess.getCommandLine(WinProcess.java:102)
at hudson.util.ProcessTree$Windows$1.getArguments(ProcessTree.java:441)
at hudson.plugins.msbuild.MsBuildKillingVeto.vetoProcessKilling(MsBuildKillingVeto.java:55)
at hudson.util.ProcessTree$OSProcess.getVeto(ProcessTree.java:239)
at hudson.util.ProcessTree$Windows$1.killRecursively(ProcessTree.java:422)
at hudson.util.ProcessTree.killAll(ProcessTree.java:142)
at hudson.Proc$LocalProc.destroy(Proc.java:375)
at hudson.Proc$LocalProc.kill(Proc.java:367)
at hudson.Proc$1.run(Proc.java:157)
at java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source)
at java.util.concurrent.FutureTask$Sync.innerRun(Unknown Source)
at java.util.concurrent.FutureTask.run(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
I was able to fix this by changing the git credentials from the job from None to actually specifying credentials rather than just using default for the Jenkins user. I think this may have something to do with the call to git from the BitBucket Hook is running on a different thread as the job would and for some reason needs the specific credentials to use.
I use GitLab 8.7.3 and Jenkins 2.3 with Gitlab Merge Request Builder Plugin 2.0.0
Until before, when we made merge-request on gitlab, Jenkins build is started and Jenkins put a comment Build PASS or Failed.
But now, there "CI build pending" without jenkins comments on merge-request
I find the following log in Jenkins:
WARNING: org.jenkinsci.plugins.gitlab.GitlabBuildTrigger.run() failed for hudson.model.FreeStyleProject#b0ec9[Project_name]
java.lang.NullPointerException
at org.jenkinsci.plugins.gitlab.GitlabMergeRequestWrapper.check(GitlabMergeRequestWrapper.java:100)
at org.jenkinsci.plugins.gitlab.GitlabRepository.check(GitlabRepository.java:86)
at org.jenkinsci.plugins.gitlab.GitlabRepository.check(GitlabRepository.java:68)
at org.jenkinsci.plugins.gitlab.GitlabMergeRequestBuilder.run(GitlabMergeRequestBuilder.java:28)
at org.jenkinsci.plugins.gitlab.GitlabBuildTrigger.run(GitlabBuildTrigger.java:134)
at hudson.triggers.Trigger.checkTriggers(Trigger.java:273)
at hudson.triggers.Trigger$Cron.doRun(Trigger.java:222)
at hudson.triggers.SafeTimerTask.run(SafeTimerTask.java:50)
at java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source)
at java.util.concurrent.FutureTask.runAndReset(Unknown Source)
at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$301(Unknown Source)
at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
anyone know how to fix this problem?
anyhelp is welcome.
Thank you.
why this occurs is that I have built other Jenkins for backup.
I didn't notice it set Crontab to fetch merge-request notification and the Jenkins on backup server couldn't build due to another reason.
Thank you all who read or thought this issue.