Bug
Resolution: Unresolved
Minor
None
jenkins 2.98
ssh-credentials 1.13
credentials 2.1.16
docker-plugin 1.1.2
ssh-slaves 1.25.1
I was running a Jenkins setup with the above plugins at the indicated versions, except credentials=2.1.14, with a docker cloud set up, connecting to the agent docker container via ssh with a com.cloudbees.jenkins.plugins.sshcredentials.impl.BasicSSHUserPrivateKey and non-verifying verification strategy, successfully. Builds were working fine.
An upgrade of the credentials plugin to 2.1.16 immediately resulted in existing working jobs running on docker slaves no longer progressing at all.
The job would wait for the node to come online forever. The docker container machine is running, and a "docker ps -a" shows the containers starting up. The jenkins master log shows the container being provisioned and nothing happens after that, for hours and hours (some info redacted like <node-label> <full-path-for-docker-image> <cloud-name> <docker-host>):
Feb 12, 2018 6:42:53 PM com.nirima.jenkins.plugins.docker.DockerCloud provision
INFO: Asked to provision 1 slave(s) for: <node-label>
Feb 12, 2018 6:42:53 PM com.nirima.jenkins.plugins.docker.DockerCloud provision
INFO: Will provision '<full-path-for-docker-image>', for label: '<node-label>', in cloud: '<cloud-name>'
Feb 12, 2018 6:42:53 PM com.nirima.jenkins.plugins.docker.DockerCloud addProvisionedSlave
INFO: Provisioning '<full-path-for-docker-image>' number '0' on '<cloud-name>'; Total containers: '0'
Feb 12, 2018 6:42:53 PM hudson.slaves.NodeProvisioner$StandardStrategyImpl apply
INFO: Started provisioning Image of <full-path-for-docker-image> from <cloud-name> with 1 executors. Remaining excess workload: 0
Feb 12, 2018 6:42:53 PM com.nirima.jenkins.plugins.docker.DockerTemplate pullImage
INFO: Pulling image '<full-path-for-docker-image>:latest'. This may take awhile...
Feb 12, 2018 6:42:54 PM com.nirima.jenkins.plugins.docker.DockerTemplate pullImage
INFO: Finished pulling image '<full-path-for-docker-image>:latest', took 534 ms
Feb 12, 2018 6:42:54 PM com.nirima.jenkins.plugins.docker.DockerTemplate provisionNode
INFO: Trying to run container for <full-path-for-docker-image>
Feb 12, 2018 6:42:55 PM com.nirima.jenkins.plugins.docker.utils.PortUtils$ConnectionCheckSSH execute
INFO: SSH port is open on <docker-host>:32800
Feb 12, 2018 6:42:55 PM hudson.slaves.NodeProvisioner$2 run
INFO: Image of <full-path-for-docker-image> provisioning successfully completed. We have now 19 computer(s)
Feb 12, 2018 6:42:55 PM com.nirima.jenkins.plugins.docker.DockerCloud provision
INFO: Asked to provision 1 slave(s) for: <node-label>
Feb 12, 2018 6:42:55 PM com.nirima.jenkins.plugins.docker.DockerCloud provision
INFO: Will provision '<full-path-for-docker-image>', for label: '<node-label>', in cloud: '<cloud-name>'
Feb 12, 2018 6:42:55 PM com.nirima.jenkins.plugins.docker.DockerCloud addProvisionedSlave
INFO: Not Provisioning '<full-path-for-docker-image>'. Instance limit of '1' reached on server '<cloud-name>'
[02/12/18 18:42:59] SSH Launch of docker-89e7866632f1 on <docker-host> failed in 3,447 ms

Feb 12, 2018 6:43:03 PM com.nirima.jenkins.plugins.docker.DockerCloud provision
INFO: Asked to provision 1 slave(s) for: <node-label>
Feb 12, 2018 6:43:03 PM com.nirima.jenkins.plugins.docker.DockerCloud provision
INFO: Will provision '<full-path-for-docker-image>', for label: '<node-label>', in cloud: '<cloud-name>'
Feb 12, 2018 6:43:03 PM com.nirima.jenkins.plugins.docker.DockerCloud addProvisionedSlave
INFO: Not Provisioning '<full-path-for-docker-image>'. Instance limit of '1' reached on server '<cloud-name>'
The last block of 6 lines above (set apart with a blank line) ends up getting repeated over and over.
I've observed the following:
- that credentials@2.1.16 likes to have a password (the credential configuration webpage shows a form field), which does not apply in my situation - I'm using an ssh username with private key specified directly in the credential entry
- credentials@2.1.14 does not display a password form field on the configuration page
- reverting credentials back to 2.1.14, plus recreating the credential, seems to solve the problem, but...
  - on my jenkins 2.98 system, the credential configuration page always shows a yellow passphrase form field, and if I click submit it will populate the credentials.xml with a passphrase element; I have to repeatedly delete it before clicking ok to ensure no passphrase element is stored
  - I have another jenkins system running 2.77 and credentials@2.1.14 where the credentials configuration page shows a white empty passphrase form field, and will NOT add any passphrase element to credentials.xml on submit
I cannot find any error log or debugging output that discusses any cause of failure to connect (apart from the very generic "ssh launch failed"), but my hunch is that some interaction with 2.1.16 is forcing a password or passphrase to be used when the original credential entry had none.
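As an added example (not part of the original report and not Jenkins code): a read-only check that lists which BasicSSHUserPrivateKey entries in a credentials.xml carry a passphrase element, the condition the report suspects. The wrapper layout of the sample, its ids and the helper names are assumptions constructed for illustration; only the class name and the passphrase element come from the report.

```python
import xml.etree.ElementTree as ET

# Credential class named in the report above.
SSH_KEY_TAG = "com.cloudbees.jenkins.plugins.sshcredentials.impl.BasicSSHUserPrivateKey"

# Constructed sample: the wrapper layout, ids and values are placeholders.
SAMPLE_CREDENTIALS_XML = f"""\
<credentials>
  <{SSH_KEY_TAG}>
    <id>agent-key-clean</id><username>jenkins</username>
    <privateKeySource><privateKey>PLACEHOLDER</privateKey></privateKeySource>
  </{SSH_KEY_TAG}>
  <{SSH_KEY_TAG}>
    <id>agent-key-resaved</id><username>jenkins</username>
    <passphrase>{{PLACEHOLDER-ENCRYPTED}}</passphrase>
  </{SSH_KEY_TAG}>
  <{SSH_KEY_TAG}>
    <id>agent-key-blank</id><username>jenkins</username>
    <passphrase></passphrase>
  </{SSH_KEY_TAG}>
  <other.credential.Type><id>unrelated</id><passphrase>x</passphrase></other.credential.Type>
</credentials>
"""

def passphrase_state(entry):
    """Classify the passphrase element without ever returning its value."""
    node = entry.find("passphrase")
    if node is None:
        return "absent"
    return "stored" if (node.text or "").strip() else "empty"

def audit_ssh_key_credentials(xml_text):
    """Return one row per SSH private-key credential found anywhere in the file."""
    return [
        {"id": entry.findtext("id", default="<no id>"),
         "username": entry.findtext("username", default=""),
         "passphrase": passphrase_state(entry)}
        for entry in ET.fromstring(xml_text).iter(SSH_KEY_TAG)
    ]

def entries_to_review(xml_text):
    """Ids of key credentials that carry a passphrase element at all."""
    return [r["id"] for r in audit_ssh_key_credentials(xml_text)
            if r["passphrase"] != "absent"]

if __name__ == "__main__":
    for row in audit_ssh_key_credentials(SAMPLE_CREDENTIALS_XML):
        print(f'{row["id"]:<20} user={row["username"]:<10} passphrase={row["passphrase"]}')
```

Pass the text of a controller's credentials.xml in place of the sample; the functions only read and never return the passphrase value itself.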
Removing myself as assignee. My current work assignments do not provide sufficient bandwidth to review these issues and in the majority of cases I am only assigned by virtue of being the default assignee. For the credentials-api and scm-api related plugins I have permission to allocate time reviewing changes to these APIs themselves to ensure these APIs remain cohesive, but that can be handled through PR reviews rather than assigning issues in JIRA.