-
Bug
-
Resolution: Fixed
-
Major
-
None
-
Debian as Master, Windows 2008 as Slave
I can connect my slave agent using the downloaded jnlp file, but Windows service is not working because of authorization.
My configuration looks like this:
-Xrs -jar "%BASE%\slave.jar" -auth xxx:xxx -jnlpUrl http://xxx.dyndns.org/computer/windows/slave-agent.jnlp -cp "%BASE%\lib\commons-codec-1.5.jar" -jnlpCredentials xxx:xxx
And in logs I see:
Failing to obtain http://homersoft-ci.dyndns.org/computer/windows/slave-agent.jnlp java.io.IOException: Failed to load http://xxx.dyndns.org/computer/windows/slave-agent.jnlp: 403 Forbidden at hudson.remoting.Launcher.parseJnlpArguments(Launcher.java:230) at hudson.remoting.Launcher.run(Launcher.java:192) at hudson.remoting.Launcher.main(Launcher.java:168)
I'm using the GitHub OAuth plugin.
[JENKINS-14524] Slave agent authorization 401
Łukasz Nowak
created issue -
Craig Ringer
added a comment - Yeah, the GitHub plugin needs to allow an exception for the JNLP file, or preferably generate a unique per-worker username/password that it displays in the JNLP launch commands and uses automatically in the service. Not trivial to do, though.
Craig Ringer
added a comment - Yeah, the GitHub plugin needs to allow an exception for the JNLP file, or preferably generate a unique per-worker username/password that it displays in the JNLP launch commands and uses automatically in the service. Not trivial to do, though. Craig Ringer
added a comment - Amended report to tag github-oauth, tweak formatting. Craig Ringer
made changes -
| Component/s | New: github-oauth [ 15900 ] | |
| Description |
Original:
I can connect my slave agent using the downloaded jnlp file, but Windows service is not working because of authorization. My configuration looks like this: -Xrs -jar "%BASE%\slave.jar" -auth xxx:xxx -jnlpUrl http://xxx.dyndns.org/computer/windows/slave-agent.jnlp -cp "%BASE%\lib\commons-codec-1.5.jar" -jnlpCredentials xxx:xxx And in logs I see: Failing to obtain http://homersoft-ci.dyndns.org/computer/windows/slave-agent.jnlp java.io.IOException: Failed to load http://xxx.dyndns.org/computer/windows/slave-agent.jnlp: 403 Forbidden at hudson.remoting.Launcher.parseJnlpArguments(Launcher.java:230) at hudson.remoting.Launcher.run(Launcher.java:192) at hudson.remoting.Launcher.main(Launcher.java:168) |
New:
I can connect my slave agent using the downloaded jnlp file, but Windows service is not working because of authorization. My configuration looks like this: {code} -Xrs -jar "%BASE%\slave.jar" -auth xxx:xxx -jnlpUrl http://xxx.dyndns.org/computer/windows/slave-agent.jnlp -cp "%BASE%\lib\commons-codec-1.5.jar" -jnlpCredentials xxx:xxx {code} And in logs I see: {code} Failing to obtain http://homersoft-ci.dyndns.org/computer/windows/slave-agent.jnlp java.io.IOException: Failed to load http://xxx.dyndns.org/computer/windows/slave-agent.jnlp: 403 Forbidden at hudson.remoting.Launcher.parseJnlpArguments(Launcher.java:230) at hudson.remoting.Launcher.run(Launcher.java:192) at hudson.remoting.Launcher.main(Launcher.java:168) {code} I'm using the GitHub OAuth plugin. |
Craig Ringer
made changes -
| Priority | Original: Critical [ 2 ] | New: Major [ 3 ] |
Craig Ringer
added a comment - Related to JENKINS-11149 Craig Ringer
added a comment - As a workaround, you can save slave-agent.jnlp from the worker's page on the Jenkins server to c:\jenkins (or wherever your jenkins root on the slave is), then modify jenkins-slave.xml to point to file:///C:/jenkins/slave-agent.jnlp instead of the Jenkins URL.
This will prevent the slave from getting automatic updates from Jenkins, so you'll have to replace the jnlp file and restart the slave agent yourself if you upgrade Jenkins.
Alternately, you can enable anonymous READ for all users.
Craig Ringer
added a comment - As a workaround, you can save slave-agent.jnlp from the worker's page on the Jenkins server to c:\jenkins (or wherever your jenkins root on the slave is), then modify jenkins-slave.xml to point to file:///C:/jenkins/slave-agent.jnlp instead of the Jenkins URL.
This will prevent the slave from getting automatic updates from Jenkins, so you'll have to replace the jnlp file and restart the slave agent yourself if you upgrade Jenkins.
Alternately, you can enable anonymous READ for all users. 
Jakub Czaplicki
added a comment - The issue also occurs when Active Directory is used as access control (jenkins ver. 1.554).
For jenkins ver. 1.590 works OK.
So somewhere between 1.554 and 1.590 the issue has been fixed for Active Dir.
Jakub Czaplicki
added a comment - The issue also occurs when Active Directory is used as access control (jenkins ver. 1.554).
For jenkins ver. 1.590 works OK.
So somewhere between 1.554 and 1.590 the issue has been fixed for Active Dir. Newer versions of Jenkins also use a secret URL parameter for authorization by default. Check the slave's index page to see the value.
The problem is with GitHub oauth plugin turned on. When using Jenkins own database it is working.