Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-32326

broken HTTP_PROXY handling on jenkins-slave (JNLP)

      broken HTTP_PROXY handling on jenkins-slave (JNLP)
      The proxy exclusion list (http.nonProxyHosts, no_proxy) is not taken into account on the jenkins-slave side.
      This has been observed in our jenkins master/slave environment which uses JNLP.

      Support for HTTP_PROXY handling on jenkins-slave side has been added with jenkins version 1.606.
      Unfortunately that does not take the proxy exclusion list into account (e.g. defined by no_proxy env variable on linux).
      This forces the slave to always use the proxy. Even for destinations which would be excluded by no_proxy.

      Jenkins uses org.jenkins-ci.main:remoting for handling http proxy functionality.
      Jenkins includes version 2.53.2 of org.jenkins-ci.main:remoting which contains the error described above.

      possible solution:
      1.) create new release of org.jenkins-ci.main:remoting which already contains the fix in it's master branch.
      2.) update jenkins' to use this new version of org.jenkins-ci.main:remoting

      see also:

          [JENKINS-32326] broken HTTP_PROXY handling on jenkins-slave (JNLP)

          Etienne Bec added a comment -

          We're encountering the same issue (see comment section of JENKINS-28289 for further details).

          It should also be noted that the proxy configuration defined by the system properties does not have precedence over the one defined by the environment variables. Indeed if you set both, you would expect the slave to actually work because http.nonProxyHosts is automatically taken in account by the JVM. But no, looks like some part rely on http_proxy (and obviously don't use no_proxy). Unless you unset all your proxy env var, the slave won't work even if your system properties are correct.

          It means that on a host where you need to set those env var, there's no workaround to make the slave work.

          Etienne Bec added a comment - We're encountering the same issue (see comment section of JENKINS-28289 for further details). It should also be noted that the proxy configuration defined by the system properties does not have precedence over the one defined by the environment variables. Indeed if you set both, you would expect the slave to actually work because http.nonProxyHosts is automatically taken in account by the JVM. But no, looks like some part rely on http_proxy (and obviously don't use no_proxy ). Unless you unset all your proxy env var, the slave won't work even if your system properties are correct. It means that on a host where you need to set those env var, there's no workaround to make the slave work.

          Etienne Bec added a comment -

          Quick fix.

          Etienne Bec added a comment - Quick fix.

          Code changed in jenkins
          User: Etienne Bec
          Path:
          src/main/java/hudson/remoting/Util.java
          src/test/java/hudson/remoting/UtilTest.java
          http://jenkins-ci.org/commit/remoting/a1bdc233aee6dd13fd76f488adb2aa436a7e74f5
          Log:
          [FIXED JENKINS-32326] Support no_proxy environment variable (#84)

          Change-Id: I894e7831677ee39c37020b0fab0e6db5b290f9ca

          SCM/JIRA link daemon added a comment - Code changed in jenkins User: Etienne Bec Path: src/main/java/hudson/remoting/Util.java src/test/java/hudson/remoting/UtilTest.java http://jenkins-ci.org/commit/remoting/a1bdc233aee6dd13fd76f488adb2aa436a7e74f5 Log: [FIXED JENKINS-32326] Support no_proxy environment variable (#84) Change-Id: I894e7831677ee39c37020b0fab0e6db5b290f9ca

          Code changed in jenkins
          User: Oleg Nenashev
          Path:
          pom.xml
          http://jenkins-ci.org/commit/jenkins/d9f12b0e614d9598221c571001aa43c018b21e25
          Log:
          Update remoting to 2.60

          Changes summary:

          Fixed issues:

          Enhancements:

          SCM/JIRA link daemon added a comment - Code changed in jenkins User: Oleg Nenashev Path: pom.xml http://jenkins-ci.org/commit/jenkins/d9f12b0e614d9598221c571001aa43c018b21e25 Log: Update remoting to 2.60 Changes summary: Fixed issues: JENKINS-22722 ( https://issues.jenkins-ci.org/browse/JENKINS-22722 ) - Make the channel reader tolerant against Socket timeouts. ( https://github.com/jenkinsci/remoting/pull/80 ) JENKINS-32326 ( https://issues.jenkins-ci.org/browse/JENKINS-32326 ) - Support no_proxy environment variable. ( https://github.com/jenkinsci/remoting/pull/84 ) JENKINS-35190 ( https://issues.jenkins-ci.org/browse/JENKINS-35190 ) - Do not invoke PingFailureAnalyzer for agent=>master ping failures. ( https://github.com/jenkinsci/remoting/pull/85 ) JENKINS-31256 ( https://issues.jenkins-ci.org/browse/JENKINS-31256 ) - <code>hudson.Remoting.Engine#waitForServerToBack</code> now uses credentials for connection. ( https://github.com/jenkinsci/remoting/pull/87 ) JENKINS-35494 ( https://issues.jenkins-ci.org/browse/JENKINS-35494 ) - Fix issues in file management in <code>hudson.remoting.Launcher</code> (main executable class). ( https://github.com/jenkinsci/remoting/pull/88 ) Enhancements: Ensure a message is logged if remoting fails to override the default <code>ClassFilter</code>. ( https://github.com/jenkinsci/remoting/pull/80 )

          Code changed in jenkins
          User: Oleg Nenashev
          Path:
          pom.xml
          http://jenkins-ci.org/commit/jenkins/c718516adfddeb10cbf616ce37c619cc6bbafd53
          Log:
          Update remoting to 2.60 (#2403)

          Changes summary:

          Fixed issues:

          Enhancements:

          SCM/JIRA link daemon added a comment - Code changed in jenkins User: Oleg Nenashev Path: pom.xml http://jenkins-ci.org/commit/jenkins/c718516adfddeb10cbf616ce37c619cc6bbafd53 Log: Update remoting to 2.60 (#2403) Changes summary: Fixed issues: JENKINS-22722 ( https://issues.jenkins-ci.org/browse/JENKINS-22722 ) - Make the channel reader tolerant against Socket timeouts. ( https://github.com/jenkinsci/remoting/pull/80 ) JENKINS-32326 ( https://issues.jenkins-ci.org/browse/JENKINS-32326 ) - Support no_proxy environment variable. ( https://github.com/jenkinsci/remoting/pull/84 ) JENKINS-35190 ( https://issues.jenkins-ci.org/browse/JENKINS-35190 ) - Do not invoke PingFailureAnalyzer for agent=>master ping failures. ( https://github.com/jenkinsci/remoting/pull/85 ) JENKINS-31256 ( https://issues.jenkins-ci.org/browse/JENKINS-31256 ) - <code>hudson.Remoting.Engine#waitForServerToBack</code> now uses credentials for connection. ( https://github.com/jenkinsci/remoting/pull/87 ) JENKINS-35494 ( https://issues.jenkins-ci.org/browse/JENKINS-35494 ) - Fix issues in file management in <code>hudson.remoting.Launcher</code> (main executable class). ( https://github.com/jenkinsci/remoting/pull/88 ) Enhancements: Ensure a message is logged if remoting fails to override the default <code>ClassFilter</code>. ( https://github.com/jenkinsci/remoting/pull/80 )

          Oleg Nenashev added a comment -

          Releases: remoting-2.60 and jenkins-2.9

          Oleg Nenashev added a comment - Releases: remoting-2.60 and jenkins-2.9

          This seems not to be fixed in released version 2.46.1. I cannot find any way of excluding proxy settings for a list of hosts, neither by environment variable `no_proxy` nor by `-Dhttp.nonProxyHosts`.

          This is troublesome as the master is on a direct connection and cannot be reached via the proxy, and at the same time my jobs depend on the proxy environment variables being configured correctly. And I do not like to explicitly set the environment variables in the jobs, as the proxy connection string contains authentication details.

          Johan Smolinski added a comment - This seems not to be fixed in released version 2.46.1. I cannot find any way of excluding proxy settings for a list of hosts, neither by environment variable `no_proxy` nor by `-Dhttp.nonProxyHosts`. This is troublesome as the master is on a direct connection and cannot be reached via the proxy, and at the same time my jobs depend on the proxy environment variables being configured correctly. And I do not like to explicitly set the environment variables in the jobs, as the proxy connection string contains authentication details.

          Sorry, my bad. The environment variable actually do work. The -Dhttp.nonProxyHosts does not, but that is not included in this issue.

          Johan Smolinski added a comment - Sorry, my bad. The environment variable actually do work. The -Dhttp.nonProxyHosts does not, but that is not included in this issue.

            oleg_nenashev Oleg Nenashev
            maecval Valentin Maechler
            Votes:
            2 Vote for this issue
            Watchers:
            6 Start watching this issue

              Created:
              Updated:
              Resolved: