Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-32326

broken HTTP_PROXY handling on jenkins-slave (JNLP)

    XMLWordPrintable

Details

    Description

      broken HTTP_PROXY handling on jenkins-slave (JNLP)
      The proxy exclusion list (http.nonProxyHosts, no_proxy) is not taken into account on the jenkins-slave side.
      This has been observed in our jenkins master/slave environment which uses JNLP.

      Support for HTTP_PROXY handling on jenkins-slave side has been added with jenkins version 1.606.
      Unfortunately that does not take the proxy exclusion list into account (e.g. defined by no_proxy env variable on linux).
      This forces the slave to always use the proxy. Even for destinations which would be excluded by no_proxy.

      Jenkins uses org.jenkins-ci.main:remoting for handling http proxy functionality.
      Jenkins includes version 2.53.2 of org.jenkins-ci.main:remoting which contains the error described above.

      possible solution:
      1.) create new release of org.jenkins-ci.main:remoting which already contains the fix in it's master branch.
      2.) update jenkins' to use this new version of org.jenkins-ci.main:remoting

      see also:

      Attachments

        Issue Links

          is related to

          Bug - A problem which impairs or prevents the functions of the product. JENKINS-48778 JNLP not considering plain hostnames when evaluating NO_PROXY

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Resolved
          links to

          Web Link PR#84

          Activity

            Ascending order - Click to sort in descending order
            etiennebec Etienne Bec added a comment -

            We're encountering the same issue (see comment section of JENKINS-28289 for further details).

            It should also be noted that the proxy configuration defined by the system properties does not have precedence over the one defined by the environment variables. Indeed if you set both, you would expect the slave to actually work because http.nonProxyHosts is automatically taken in account by the JVM. But no, looks like some part rely on http_proxy (and obviously don't use no_proxy). Unless you unset all your proxy env var, the slave won't work even if your system properties are correct.

            It means that on a host where you need to set those env var, there's no workaround to make the slave work.

            etiennebec Etienne Bec added a comment - We're encountering the same issue (see comment section of JENKINS-28289 for further details). It should also be noted that the proxy configuration defined by the system properties does not have precedence over the one defined by the environment variables. Indeed if you set both, you would expect the slave to actually work because http.nonProxyHosts is automatically taken in account by the JVM. But no, looks like some part rely on http_proxy (and obviously don't use no_proxy ). Unless you unset all your proxy env var, the slave won't work even if your system properties are correct. It means that on a host where you need to set those env var, there's no workaround to make the slave work.
            etiennebec Etienne Bec added a comment -

            Quick fix.

            etiennebec Etienne Bec added a comment - Quick fix.
            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: Etienne Bec
            Path:
            src/main/java/hudson/remoting/Util.java
            src/test/java/hudson/remoting/UtilTest.java
            http://jenkins-ci.org/commit/remoting/a1bdc233aee6dd13fd76f488adb2aa436a7e74f5
            Log:
            [FIXED JENKINS-32326] Support no_proxy environment variable (#84)

            Change-Id: I894e7831677ee39c37020b0fab0e6db5b290f9ca

            scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Etienne Bec Path: src/main/java/hudson/remoting/Util.java src/test/java/hudson/remoting/UtilTest.java http://jenkins-ci.org/commit/remoting/a1bdc233aee6dd13fd76f488adb2aa436a7e74f5 Log: [FIXED JENKINS-32326] Support no_proxy environment variable (#84) Change-Id: I894e7831677ee39c37020b0fab0e6db5b290f9ca
            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: Oleg Nenashev
            Path:
            pom.xml
            http://jenkins-ci.org/commit/jenkins/d9f12b0e614d9598221c571001aa43c018b21e25
            Log:
            Update remoting to 2.60

            Changes summary:

            Fixed issues:

            Enhancements:

            scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Oleg Nenashev Path: pom.xml http://jenkins-ci.org/commit/jenkins/d9f12b0e614d9598221c571001aa43c018b21e25 Log: Update remoting to 2.60 Changes summary: Fixed issues: JENKINS-22722 ( https://issues.jenkins-ci.org/browse/JENKINS-22722 ) - Make the channel reader tolerant against Socket timeouts. ( https://github.com/jenkinsci/remoting/pull/80 ) JENKINS-32326 ( https://issues.jenkins-ci.org/browse/JENKINS-32326 ) - Support no_proxy environment variable. ( https://github.com/jenkinsci/remoting/pull/84 ) JENKINS-35190 ( https://issues.jenkins-ci.org/browse/JENKINS-35190 ) - Do not invoke PingFailureAnalyzer for agent=>master ping failures. ( https://github.com/jenkinsci/remoting/pull/85 ) JENKINS-31256 ( https://issues.jenkins-ci.org/browse/JENKINS-31256 ) - <code>hudson.Remoting.Engine#waitForServerToBack</code> now uses credentials for connection. ( https://github.com/jenkinsci/remoting/pull/87 ) JENKINS-35494 ( https://issues.jenkins-ci.org/browse/JENKINS-35494 ) - Fix issues in file management in <code>hudson.remoting.Launcher</code> (main executable class). ( https://github.com/jenkinsci/remoting/pull/88 ) Enhancements: Ensure a message is logged if remoting fails to override the default <code>ClassFilter</code>. ( https://github.com/jenkinsci/remoting/pull/80 )
            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: Oleg Nenashev
            Path:
            pom.xml
            http://jenkins-ci.org/commit/jenkins/c718516adfddeb10cbf616ce37c619cc6bbafd53
            Log:
            Update remoting to 2.60 (#2403)

            Changes summary:

            Fixed issues:

            Enhancements:

            scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Oleg Nenashev Path: pom.xml http://jenkins-ci.org/commit/jenkins/c718516adfddeb10cbf616ce37c619cc6bbafd53 Log: Update remoting to 2.60 (#2403) Changes summary: Fixed issues: JENKINS-22722 ( https://issues.jenkins-ci.org/browse/JENKINS-22722 ) - Make the channel reader tolerant against Socket timeouts. ( https://github.com/jenkinsci/remoting/pull/80 ) JENKINS-32326 ( https://issues.jenkins-ci.org/browse/JENKINS-32326 ) - Support no_proxy environment variable. ( https://github.com/jenkinsci/remoting/pull/84 ) JENKINS-35190 ( https://issues.jenkins-ci.org/browse/JENKINS-35190 ) - Do not invoke PingFailureAnalyzer for agent=>master ping failures. ( https://github.com/jenkinsci/remoting/pull/85 ) JENKINS-31256 ( https://issues.jenkins-ci.org/browse/JENKINS-31256 ) - <code>hudson.Remoting.Engine#waitForServerToBack</code> now uses credentials for connection. ( https://github.com/jenkinsci/remoting/pull/87 ) JENKINS-35494 ( https://issues.jenkins-ci.org/browse/JENKINS-35494 ) - Fix issues in file management in <code>hudson.remoting.Launcher</code> (main executable class). ( https://github.com/jenkinsci/remoting/pull/88 ) Enhancements: Ensure a message is logged if remoting fails to override the default <code>ClassFilter</code>. ( https://github.com/jenkinsci/remoting/pull/80 )
            oleg_nenashev Oleg Nenashev added a comment -

            Releases: remoting-2.60 and jenkins-2.9

            oleg_nenashev Oleg Nenashev added a comment - Releases: remoting-2.60 and jenkins-2.9
            johey Johan Smolinski added a comment -

            This seems not to be fixed in released version 2.46.1. I cannot find any way of excluding proxy settings for a list of hosts, neither by environment variable `no_proxy` nor by `-Dhttp.nonProxyHosts`.

            This is troublesome as the master is on a direct connection and cannot be reached via the proxy, and at the same time my jobs depend on the proxy environment variables being configured correctly. And I do not like to explicitly set the environment variables in the jobs, as the proxy connection string contains authentication details.

            johey Johan Smolinski added a comment - This seems not to be fixed in released version 2.46.1. I cannot find any way of excluding proxy settings for a list of hosts, neither by environment variable `no_proxy` nor by `-Dhttp.nonProxyHosts`. This is troublesome as the master is on a direct connection and cannot be reached via the proxy, and at the same time my jobs depend on the proxy environment variables being configured correctly. And I do not like to explicitly set the environment variables in the jobs, as the proxy connection string contains authentication details.
            johey Johan Smolinski added a comment -

            Sorry, my bad. The environment variable actually do work. The -Dhttp.nonProxyHosts does not, but that is not included in this issue.

            johey Johan Smolinski added a comment - Sorry, my bad. The environment variable actually do work. The -Dhttp.nonProxyHosts does not, but that is not included in this issue.

            People

              oleg_nenashev Oleg Nenashev
              maecval Valentin Maechler
              Votes:
              2 Vote for this issue
              Watchers:
              6 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: