Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-43199

Credentials Binding plugin causes File Descriptor leak

      Our deployment of Jenkins with this plugin is currently on an NFS share. In testing a job with this plugin, a file descriptor was apparently left open. We found this out when attempting to delete the test job after it ran. (It was a simple echo job to make sure masking worked as expected, nothing else)

      The issue appears to be related to the anonymous sub-class of the LineTransformationOutputStream class returned by the Wrapper class and similar to the bug resolved in JENKINS-28409 for EnvInject. The sub-class needs to clean up it's parent outputstream and the super class on close.

       

      @Override
       public void close() throws IOException {
       super.close();
       out.close();
       }

          [JENKINS-43199] Credentials Binding plugin causes File Descriptor leak

          Oleg Nenashev added a comment -

          Jenkins LTS does not bundle plugins. Once the plugin fix is released, it will become available in previous LTS releases

          Oleg Nenashev added a comment - Jenkins LTS does not bundle plugins. Once the plugin fix is released, it will become available in previous LTS releases

          Ah apologies – uninstall is greyed out and I can only downgrade in the UI so i figured that meant that it came with the jenkins LTS. Fully understand that a plugin can be updated independently (as we've already done to 1.12)

          Abhishek Mukherjee added a comment - Ah apologies – uninstall is greyed out and I can only downgrade in the UI so i figured that meant that it came with the jenkins LTS. Fully understand that a plugin can be updated independently (as we've already done to 1.12)

          Jesse Glick added a comment -

          Depending on the location of the fix; I believe this is actually a core bug, in which case the fix will come in a core update.

          Jesse Glick added a comment - Depending on the location of the fix; I believe this is actually a core bug, in which case the fix will come in a core update.

          Abhishek Mukherjee added a comment - - edited

          Would that be the linked -JENKINS-28409-, by any chance? Thanks!

          EDIT: nvm. just noticed the "Component" of that ticket being a plugin as well. please ignore me

          Abhishek Mukherjee added a comment - - edited Would that be the linked - JENKINS-28409 -, by any chance? Thanks! EDIT: nvm. just noticed the "Component" of that ticket being a plugin as well. please ignore me

          Code changed in jenkins
          User: Jesse Glick
          Path:
          core/src/main/java/hudson/model/Run.java
          http://jenkins-ci.org/commit/jenkins/a0a55d1da6882e8a56d90885e7cd55a22accbfe1
          Log:
          JENKINS-43199 Reliably close build log file (#2954)

          • Try harder to ensure that the logger is closed at the end of the build.

          SCM/JIRA link daemon added a comment - Code changed in jenkins User: Jesse Glick Path: core/src/main/java/hudson/model/Run.java http://jenkins-ci.org/commit/jenkins/a0a55d1da6882e8a56d90885e7cd55a22accbfe1 Log: JENKINS-43199 Reliably close build log file (#2954) JENKINS-43199 Reliably close build log file. Try harder to ensure that the logger is closed at the end of the build.

          Oleg Nenashev added a comment -

          It should be solved by https://github.com/jenkinsci/jenkins/pull/2954 in 2.73

          Oleg Nenashev added a comment - It should be solved by https://github.com/jenkinsci/jenkins/pull/2954 in 2.73

          Jesse Glick added a comment -

          Is there an easy way to reproduce the bug? I did not try to write an automated test for it, so I only believe the fix is effective.

          Jesse Glick added a comment - Is there an easy way to reproduce the bug? I did not try to write an automated test for it, so I only believe the fix is effective.

          Jesse Glick added a comment -

          Technically the lack of a close override in this plugin is not addressed—only the symptom, when using the core patch. Reopening for tracking purposes.

          Jesse Glick added a comment - Technically the lack of a close override in this plugin is not addressed—only the symptom, when using the core patch. Reopening for tracking purposes.

          Oleg Nenashev added a comment -

          Yes, it would be great to get the plugin fixed for older cores

          Oleg Nenashev added a comment - Yes, it would be great to get the plugin fixed for older cores

          Bill Agee added a comment -

          In my environment, the repro steps on Ubuntu 14.04 were:

          • Create a 'Secret text' credential with Global scope, in /credentials/store/system/domain/_/
          • Create a freestyle job
          • Enable and select the secret text value in the job UI, with:
            • Use secret text(s) or file(s) -> Bindings -> Secret text -> Variable set to MY_SECRET
          • Add a step in Build -> Execute shell and put a simple 'exit 0' statement or something similar (this step may not be necessary ... not sure)
          • Run the Jenkins job several times, while using sysdig to examine the pid and thread ID for the process handling the job, and see if you see open file handles related to the job begin stacking up as you repeatedly trigger builds:
          • sudo sysdig -c lsof "'proc.pid=3531 and thread.tid=3531'" | tail -n 1
            java 3531 3531 jenkins 3204 file /var/lib/jenkins/jobs/myjob/builds/886/log

          Bill Agee added a comment - In my environment, the repro steps on Ubuntu 14.04 were: Create a 'Secret text' credential with Global scope, in /credentials/store/system/domain/_/ Create a freestyle job Enable and select the secret text value in the job UI, with: Use secret text(s) or file(s) -> Bindings -> Secret text -> Variable set to MY_SECRET Add a step in Build -> Execute shell and put a simple 'exit 0' statement or something similar (this step may not be necessary ... not sure) Run the Jenkins job several times, while using sysdig to examine the pid and thread ID for the process handling the job, and see if you see open file handles related to the job begin stacking up as you repeatedly trigger builds: sudo sysdig -c lsof "'proc.pid=3531 and thread.tid=3531'" | tail -n 1 java 3531 3531 jenkins 3204 file /var/lib/jenkins/jobs/myjob/builds/886/log

            Unassigned Unassigned
            ebutler Elliott Butler
            Votes:
            6 Vote for this issue
            Watchers:
            16 Start watching this issue

              Created:
              Updated:
              Resolved: