Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-31464

git-client uses proxy from plugins section of jenkins

    • Icon: New Feature New Feature
    • Resolution: Unresolved
    • Icon: Major Major
    • git-client-plugin
    • None

      The git client appears to be using the http proxy settings from the "Manage plugins" section of Jenkins. That proxy is for the master to download plugins, not for SCM clients to access repositories. Slave machines shouldn't require the same access to the internet as the master.

      Here you can see that localhost:3128 is being used as a proxy when that slave does not have a proxy listening on port 31218
      > /usr/bin/git config --local credential.username frank # timeout=10
      > /usr/bin/git config --local credential.helper store --file=/tmp/git6157196107535640953.credentials # timeout=10
      Setting http proxy: localhost:3128
      > /usr/bin/git -c core.askpass=true fetch --tags --progress https://github.com/frank/fright.git +refs/heads/:refs/remotes/origin/
      > /usr/bin/git config --local --remove-section credential # timeout=10

      Using environmental variables should be the approach for accessing http/https on the web from a git client.

          [JENKINS-31464] git-client uses proxy from plugins section of jenkins

          I am seeing this issue with Pipelines. Has anybody figured a way around this? I cannot run a pipeline with git on my repository which needs to be accessed via proxy – it works fine if I run a manual Pipeline.

          All ways to set environment variables on Jenkins also haven't helped as it seems that this ultimately gets overwritten by the Git plugin no matter what I do.

          Alex Tasioulis added a comment - I am seeing this issue with Pipelines. Has anybody figured a way around this? I cannot run a pipeline with git on my repository which needs to be accessed via proxy – it works fine if I run a manual Pipeline. All ways to set environment variables on Jenkins also haven't helped as it seems that this ultimately gets overwritten by the Git plugin no matter what I do.

          Mark Waite added a comment -

          Pull request 201 proposes a possible fix for this.  If you're willing to test drive that pull request, you could help the project and may find it solves your issue.

          Download the git-client-plugin.hpi and install it in your environment.  Review the pull request to confirm you've configured it correctly, then report your results.

          Mark Waite added a comment - Pull request 201 proposes a possible fix for this.  If you're willing to test drive that pull request, you could help the project and may find it solves your issue. Download the git-client-plugin.hpi and install it in your environment.  Review the pull request to confirm you've configured it correctly, then report your results.

          Gabe Montero added a comment -

          Alex - I've got a proposed PR https://github.com/jenkinsci/git-plugin/pull/507 that provides that allowed for this.  At least it did when I first did it back in June

          You would need to build git-plugin at the associated commit, along with building git-client-plugin with https://github.com/jenkinsci/git-client-plugin/pull/201

          If we get enough folks to try it, the maintainers have told me they will merge.

          Gabe Montero added a comment - Alex - I've got a proposed PR https://github.com/jenkinsci/git-plugin/pull/507 that provides that allowed for this.  At least it did when I first did it back in June .  You would need to build git-plugin at the associated commit, along with building git-client-plugin with https://github.com/jenkinsci/git-client-plugin/pull/201 If we get enough folks to try it, the maintainers have told me they will merge.

          Gabe Montero added a comment -

          My recollection was that https://github.com/jenkinsci/git-client-plugin/pull/201 was not sufficient for pipelines (only for classic freestyle jobs), and you needed https://github.com/jenkinsci/git-plugin/pull/507 in conjunction.

           

          But of course let me know if you all try it out and see different results.

          Gabe Montero added a comment - My recollection was that https://github.com/jenkinsci/git-client-plugin/pull/201 was not sufficient for pipelines (only for classic freestyle jobs), and you needed https://github.com/jenkinsci/git-plugin/pull/507 in conjunction.   But of course let me know if you all try it out and see different results.

          Mark Waite added a comment - - edited

          Gabe's pull request is built and ready to download from [ci.jenkins.io|https://ci.jenkins.io/blue/organizations/jenkins/Plugins%2Fgit-plugin/detail/PR-507/18/artifacts]  Combine that with the git-client plugin build, and you can help with testing.

          Mark Waite added a comment - - edited Gabe's pull request is built and ready to download from [ci.jenkins.io| https://ci.jenkins.io/blue/organizations/jenkins/Plugins%2Fgit-plugin/detail/PR-507/18/artifacts ]  Combine that with the git-client plugin build , and you can help with testing.

          Hey, thanks for the quick response and helpful comments. It looks like the 2 PRs in question address exactly what I'm seeing, however unfortunately I am not able to load custom hpi's into the environment I'm working on, so I've instead worked around this (not use git plugin, just write a script to checkout git and load my Jenkinsfile).

          Alex Tasioulis added a comment - Hey, thanks for the quick response and helpful comments. It looks like the 2 PRs in question address exactly what I'm seeing, however unfortunately I am not able to load custom hpi's into the environment I'm working on, so I've instead worked around this (not use git plugin, just write a script to checkout git and load my Jenkinsfile).

          Mark Waite added a comment -

          alex1x one of the key reasons I've been unwilling to merge those pull requests is due to insufficient testing.  I don't have a test environment to check the current proxy implementation, nor do I have a test environment to check the proposed new proxy environment. gmontero has tested it in his environment, but the plugin is used by over 120000 installations worldwide, so I'm hesitant to merge a proxy configuration change  with only a single point of validation.

          Is there any way you can construct a separate Jenkins environment to use as a test case?

          Are you allowed to run Docker images in that environment?  If so, I can provide a Docker definition which includes the two pull request builds.

          Mark Waite added a comment - alex1x one of the key reasons I've been unwilling to merge those pull requests is due to insufficient testing.  I don't have a test environment to check the current proxy implementation, nor do I have a test environment to check the proposed new proxy environment. gmontero has tested it in his environment, but the plugin is used by over 120000 installations worldwide, so I'm hesitant to merge a proxy configuration change  with only a single point of validation. Is there any way you can construct a separate Jenkins environment to use as a test case? Are you allowed to run Docker images in that environment?  If so, I can provide a Docker definition which includes the two pull request builds.

          Michael Hauf added a comment -

          I have the same problem..  and got: "Received HTTP code 403 from proxy after CONNECT..." when I try to connect to my repo.

          I have added my GIT Host to the "No Proxy Host" section under the HTTP Proxy Config.

          This seems to be acceptable workaround for the moment.

          Michael Hauf added a comment - I have the same problem..  and got: "Received HTTP code 403 from proxy after CONNECT..." when I try to connect to my repo. I have added my GIT Host to the "No Proxy Host" section under the HTTP Proxy Config. This seems to be acceptable workaround for the moment.

          Yusuke Ohashi added a comment - - edited

          Hello,

          I also had this issue, and solved by modifying git-plugin only.

          Here is my change.

          https://github.com/junkpiano/git-plugin/commit/7f86f4113bd9813ccfb2e684ecfcbea4277cc458

          In my environment, master and slave machines are located in different network zones. All machines can connect with each others. Some machines needs proxy to access external contents but the others don't. So I introduced environmental variable to toggle proxy on/off on node. This gives you flexible proxy setting on the fly.

          There might be something I missed, so your feedbacks are appreciated.

          Thanks.

          Yusuke Ohashi added a comment - - edited Hello, I also had this issue, and solved by modifying git-plugin only. Here is my change. https://github.com/junkpiano/git-plugin/commit/7f86f4113bd9813ccfb2e684ecfcbea4277cc458 In my environment, master and slave machines are located in different network zones. All machines can connect with each others. Some machines needs proxy to access external contents but the others don't. So I introduced environmental variable to toggle proxy on/off on node. This gives you flexible proxy setting on the fly. There might be something I missed, so your feedbacks are appreciated. Thanks.

          We also have different proxy settings on the master and agents. Fortunately a local .gitconfig on the build node has precedence over the setting from the master. So we distribute a /home/jenkins/.gitconfig file with the following content to the build nodes:

          /home/jenkins/.gitconfig
          [http "https://git.example.com"]
                  proxy = http://proxy.example.com:3128
          [http "https://dev.example.com"]
                  proxy = http://proxy2.example.com:3128 

          Jenkins still logs Setting http proxy: proxy.masteronly.example.com:3128 during the build - but git selects the proxy from the local .gitconfig.

          Andreas Mandel added a comment - We also have different proxy settings on the master and agents. Fortunately a local .gitconfig on the build node has precedence over the setting from the master. So we distribute a /home/jenkins/.gitconfig file with the following content to the build nodes: /home/jenkins/.gitconfig [http "https://git.example.com"] proxy = http://proxy.example.com:3128 [http "https://dev.example.com"] proxy = http://proxy2.example.com:3128 Jenkins still logs Setting http proxy: proxy.masteronly.example.com:3128 during the build - but git selects the proxy from the local .gitconfig .

            Unassigned Unassigned
            scattym Matt Clark
            Votes:
            19 Vote for this issue
            Watchers:
            27 Start watching this issue

              Created:
              Updated: