[JENKINS-28346] Inconsistent CLI failiures - Jenkins Jira

XML

Word

Printable

Details

Type: Bug
Status: Open (View Workflow)
Priority: Minor
Resolution: Unresolved
Component/s: cli
Labels:
- authentication
- cli
- connection
- ssh
Environment:

Hide
Using Jenkins 1.599 (org.jenkins-ci.main:jenkins-war:1.599) with following plugins:

analysis-core checkstyle.jpi disk-usage.bak jenkins-multijob-plugin.bak mailer.jpi.pinned metrics-diskusage script-security tasks.jpi
analysis-core.bak conditional-buildstep disk-usage.jpi jenkins-multijob-plugin.jpi mapdb-api metrics-diskusage.jpi script-security.jpi throttle-concurrents
analysis-core.jpi conditional-buildstep.jpi diskcheck jquery mapdb-api.jpi metrics.jpi sloccount throttle-concurrents.jpi
ant console-column-plugin diskcheck.jpi jquery.jpi matrix-auth nodelabelparameter sloccount.jpi timestamper
ant.jpi console-column-plugin.jpi email-ext junit matrix-auth.bak nodelabelparameter.jpi ssh-credentials timestamper.bak
antisamy-markup-formatter credentials email-ext.jpi junit.bak matrix-auth.jpi pam-auth ssh-credentials.bak timestamper.jpi
antisamy-markup-formatter.bak credentials.bak envinject junit.jpi matrix-auth.jpi.pinned pam-auth.bak ssh-credentials.jpi token-macro
antisamy-markup-formatter.jpi credentials.jpi envinject.bak junit.jpi.pinned matrix-project pam-auth.jpi ssh-credentials.jpi.pinned token-macro.jpi
antisamy-markup-formatter.jpi.pinned credentials.jpi.pinned envinject.jpi ldap matrix-project.bak pam-auth.jpi.pinned ssh-slaves translation
build-name-setter cvs external-monitor-job ldap.bak matrix-project.jpi parameterized-trigger ssh-slaves.jpi translation.bak
build-name-setter.jpi cvs.bak external-monitor-job.jpi ldap.jpi matrix-project.jpi.pinned parameterized-trigger.bak subversion translation.jpi
build-timeout cvs.jpi javadoc ldap.jpi.pinned maven-plugin parameterized-trigger.jpi subversion.bak translation.jpi.pinned
build-timeout.bak cvs.jpi.pinned javadoc.bak leastload.jpi maven-plugin.bak run-condition subversion.jpi windows-slaves
build-timeout.jpi dashboard-view javadoc.jpi mailer maven-plugin.jpi run-condition.jpi subversion.jpi.pinned windows-slaves.jpi
checkstyle dashboard-view.jpi javadoc.jpi.pinned mailer.bak maven-plugin.jpi.pinned scm-api tasks
checkstyle.bak disk-usage jenkins-multijob-plugin mailer.jpi metrics scm-api.jpi tasks.bak

Show
Using Jenkins 1.599 (org.jenkins-ci.main:jenkins-war:1.599) with following plugins: analysis-core checkstyle.jpi disk-usage.bak jenkins-multijob-plugin.bak mailer.jpi.pinned metrics-diskusage script-security tasks.jpi analysis-core.bak conditional-buildstep disk-usage.jpi jenkins-multijob-plugin.jpi mapdb-api metrics-diskusage.jpi script-security.jpi throttle-concurrents analysis-core.jpi conditional-buildstep.jpi diskcheck jquery mapdb-api.jpi metrics.jpi sloccount throttle-concurrents.jpi ant console-column-plugin diskcheck.jpi jquery.jpi matrix-auth nodelabelparameter sloccount.jpi timestamper ant.jpi console-column-plugin.jpi email-ext junit matrix-auth.bak nodelabelparameter.jpi ssh-credentials timestamper.bak antisamy-markup-formatter credentials email-ext.jpi junit.bak matrix-auth.jpi pam-auth ssh-credentials.bak timestamper.jpi antisamy-markup-formatter.bak credentials.bak envinject junit.jpi matrix-auth.jpi.pinned pam-auth.bak ssh-credentials.jpi token-macro antisamy-markup-formatter.jpi credentials.jpi envinject.bak junit.jpi.pinned matrix-project pam-auth.jpi ssh-credentials.jpi.pinned token-macro.jpi antisamy-markup-formatter.jpi.pinned credentials.jpi.pinned envinject.jpi ldap matrix-project.bak pam-auth.jpi.pinned ssh-slaves translation build-name-setter cvs external-monitor-job ldap.bak matrix-project.jpi parameterized-trigger ssh-slaves.jpi translation.bak build-name-setter.jpi cvs.bak external-monitor-job.jpi ldap.jpi matrix-project.jpi.pinned parameterized-trigger.bak subversion translation.jpi build-timeout cvs.jpi javadoc ldap.jpi.pinned maven-plugin parameterized-trigger.jpi subversion.bak translation.jpi.pinned build-timeout.bak cvs.jpi.pinned javadoc.bak leastload.jpi maven-plugin.bak run-condition subversion.jpi windows-slaves build-timeout.jpi dashboard-view javadoc.jpi mailer maven-plugin.jpi run-condition.jpi subversion.jpi.pinned windows-slaves.jpi checkstyle dashboard-view.jpi javadoc.jpi.pinned mailer.bak maven-plugin.jpi.pinned scm-api tasks checkstyle.bak disk-usage jenkins-multijob-plugin mailer.jpi metrics scm-api.jpi tasks.bak

Similar Issues:

Show

Description

I keep running into this. It's not a consistent behavior as the same CLI command passes/fails randomly.

The command from CLI is: java -jar jenkins-cli.jar -s http://my-URL build job_name --username "admn" --password "admn1234" -p p1=$var p2=$othervar -w

And here's the obtained error:
May 11, 2015 3:04:05 PM WARNING org.jenkinsci.main.modules.cli.auth.ssh.SshCliAuthenticator authenticate
CLI authentication failure
java.io.EOFException
at java.io.DataInputStream.readUnsignedShort(DataInputStream.java:323)
at java.io.DataInputStream.readUTF(DataInputStream.java:572)
at java.io.DataInputStream.readUTF(DataInputStream.java:547)
at hudson.cli.Connection.readUTF(Connection.java:85)
at hudson.cli.Connection.verifyIdentity(Connection.java:244)
at org.jenkinsci.main.modules.cli.auth.ssh.SshCliAuthenticator.authenticate(SshCliAuthenticator.java:39)
at hudson.cli.CliManagerImpl$2.run(CliManagerImpl.java:109)

Attachments

Activity

Ascending order - Click to sort in descending order

Daniel Beck added a comment - 2015-05-12 08:51

Does it fail randomly for the same user, on the same machine? As the error is in SSH Key authentication, it is dependent on your environment.

Daniel Beck added a comment - 2015-05-12 08:51 Does it fail randomly for the same user, on the same machine? As the error is in SSH Key authentication, it is dependent on your environment.

Raymond Accary added a comment - 2015-05-12 13:46

Hi Daniel,
It's the same user. Two machines submitting to the same master often fail.
However, I spent some time looking at things yesterday, and I realized that even in the case where the CLI build submission is actually invoked, the log would still show:
May 12, 2015 6:41:53 AM WARNING org.jenkinsci.main.modules.cli.auth.ssh.SshCliAuthenticator authenticate
CLI authentication failure
java.io.EOFException
at java.io.DataInputStream.readUnsignedShort(DataInputStream.java:323)
at java.io.DataInputStream.readUTF(DataInputStream.java:572)
at java.io.DataInputStream.readUTF(DataInputStream.java:547)
at hudson.cli.Connection.readUTF(Connection.java:85)
at hudson.cli.Connection.verifyIdentity(Connection.java:244)
at org.jenkinsci.main.modules.cli.auth.ssh.SshCliAuthenticator.authenticate(SshCliAuthenticator.java:39)
at hudson.cli.CliManagerImpl$2.run(CliManagerImpl.java:109)

Any ideas?

Raymond Accary added a comment - 2015-05-12 13:46 Hi Daniel, It's the same user. Two machines submitting to the same master often fail. However, I spent some time looking at things yesterday, and I realized that even in the case where the CLI build submission is actually invoked, the log would still show: May 12, 2015 6:41:53 AM WARNING org.jenkinsci.main.modules.cli.auth.ssh.SshCliAuthenticator authenticate CLI authentication failure java.io.EOFException at java.io.DataInputStream.readUnsignedShort(DataInputStream.java:323) at java.io.DataInputStream.readUTF(DataInputStream.java:572) at java.io.DataInputStream.readUTF(DataInputStream.java:547) at hudson.cli.Connection.readUTF(Connection.java:85) at hudson.cli.Connection.verifyIdentity(Connection.java:244) at org.jenkinsci.main.modules.cli.auth.ssh.SshCliAuthenticator.authenticate(SshCliAuthenticator.java:39) at hudson.cli.CliManagerImpl$2.run(CliManagerImpl.java:109) Any ideas?

Daniel Beck added a comment - 2015-05-12 16:31

Try to add the -noKeyAuth option to the java -jar jenkins-cli.jar invocation.

Daniel Beck added a comment - 2015-05-12 16:31 Try to add the -noKeyAuth option to the java -jar jenkins-cli.jar invocation.

Raymond Accary added a comment - 2015-05-12 20:06

-noKeyAuth, can you explain a bit on what this option would do?
Note that: the master is password-protected.

Raymond Accary added a comment - 2015-05-12 20:06 -noKeyAuth, can you explain a bit on what this option would do? Note that: the master is password-protected.

Daniel Beck added a comment - 2015-05-12 20:25

It will prevent trying to authorize using an SSH key (e.g. ~/.ssh/id_rsa) which the CLI does by default.

Daniel Beck added a comment - 2015-05-12 20:25 It will prevent trying to authorize using an SSH key (e.g. ~/.ssh/id_rsa) which the CLI does by default.

Raymond Accary added a comment - 2015-05-12 20:32

How will it handle the authorization then?
Another thing, had this been always failing or passing, I wouldn't be this skeptical on this solution.
The fact that it's an inconsistent/random/intermittent failure is the troubling part. Any ideas on what could be the reason?

Raymond Accary added a comment - 2015-05-12 20:32 How will it handle the authorization then? Another thing, had this been always failing or passing, I wouldn't be this skeptical on this solution. The fact that it's an inconsistent/random/intermittent failure is the troubling part. Any ideas on what could be the reason?

Daniel Beck added a comment - 2015-05-12 20:40

How will it handle the authorization then?

You're specifying user name and password on the command line.

Daniel Beck added a comment - 2015-05-12 20:40 How will it handle the authorization then? You're specifying user name and password on the command line.

Daniel Beck added a comment - 2015-06-15 21:23

raccary So, did it work?

Daniel Beck added a comment - 2015-06-15 21:23 raccary So, did it work?

Raymond Accary added a comment - 2016-05-03 18:42

It still shows in the logs as a warning.

Raymond Accary added a comment - 2016-05-03 18:42 It still shows in the logs as a warning.

People

Assignee:: Unassigned

Reporter:: Raymond Accary

Votes:: 1 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 2015-05-11 22:47

Updated:: 2016-05-03 20:43