Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-53634

AWS Flavor specific allowed certificates are not used

    XMLWordPrintable

    Details

    • Similar Issues:
    • Sprint:
      Evergreen - Milestone 1

      Description

      Evergreen AWS flavor provisions, but fails to provision any node with the stack trace below.

      This is because apparently the custom overridden certificates to allow calls into AWS infrastructure are not used anymore.

      [WARNING][2018-09-17 18:40:26] Exception during provisioning (from hudson.plugins.ec2.EC2Cloud provision)
      com.amazonaws.SdkClientException: Unable to execute HTTP request: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
              at com.amazonaws.http.AmazonHttpClient$RequestExecutor.handleRetryableException(AmazonHttpClient.java:1116)
              at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeHelper(AmazonHttpClient.java:1066)
              at com.amazonaws.http.AmazonHttpClient$RequestExecutor.doExecute(AmazonHttpClient.java:743)
              at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeWithTimer(AmazonHttpClient.java:717)
              at com.amazonaws.http.AmazonHttpClient$RequestExecutor.execute(AmazonHttpClient.java:699)
              at com.amazonaws.http.AmazonHttpClient$RequestExecutor.access$500(AmazonHttpClient.java:667)
              at com.amazonaws.http.AmazonHttpClient$RequestExecutionBuilderImpl.execute(AmazonHttpClient.java:649)
              at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:513)
              at com.amazonaws.services.ec2.AmazonEC2Client.doInvoke(AmazonEC2Client.java:16440)
              at com.amazonaws.services.ec2.AmazonEC2Client.invoke(AmazonEC2Client.java:16416)
              at com.amazonaws.services.ec2.AmazonEC2Client.executeDescribeInstances(AmazonEC2Client.java:8101)
              at com.amazonaws.services.ec2.AmazonEC2Client.describeInstances(AmazonEC2Client.java:8076)
              at com.amazonaws.services.ec2.AmazonEC2Client.describeInstances(AmazonEC2Client.java:8113)
              at hudson.plugins.ec2.EC2Cloud.countCurrentEC2Slaves(EC2Cloud.java:363)
              at hudson.plugins.ec2.EC2Cloud.getPossibleNewSlavesCount(EC2Cloud.java:502)
              at hudson.plugins.ec2.EC2Cloud.getNewOrExistingAvailableSlave(EC2Cloud.java:522)
              at hudson.plugins.ec2.EC2Cloud.provision(EC2Cloud.java:551)
              at hudson.slaves.NodeProvisioner$StandardStrategyImpl.apply(NodeProvisioner.java:715)
              at hudson.slaves.NodeProvisioner.update(NodeProvisioner.java:320)
              at hudson.slaves.NodeProvisioner.access$000(NodeProvisioner.java:61)
              at hudson.slaves.NodeProvisioner$NodeProvisionerInvoker.doRun(NodeProvisioner.java:809)
              at hudson.triggers.SafeTimerTask.run(SafeTimerTask.java:72)
              at jenkins.security.ImpersonatingScheduledExecutorService$1.run(ImpersonatingScheduledExecutorService.java:58)
              at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
              at java.util.concurrent.FutureTask.runAndReset(FutureTask.java:308)
              at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$301(ScheduledThreadPoolExecutor.java:180)
              at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:294)
              at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
              at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
              at java.lang.Thread.run(Thread.java:748)
      Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
              at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
              at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1964)
              at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:328)
              at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:322)
              at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1614)
              at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
              at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1052)
              at sun.security.ssl.Handshaker.process_record(Handshaker.java:987)
              at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1072)
              at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1385)
              at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1413)
              at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1397)
              at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:396)
              at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:355)
              at com.amazonaws.http.conn.ssl.SdkTLSSocketFactory.connectSocket(SdkTLSSocketFactory.java:142)
              at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:142)
              at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:373)
              at sun.reflect.GeneratedMethodAccessor135.invoke(Unknown Source)
              at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
              at java.lang.reflect.Method.invoke(Method.java:498)
              at com.amazonaws.http.conn.ClientConnectionManagerFactory$Handler.invoke(ClientConnectionManagerFactory.java:76)
              at com.amazonaws.http.conn.$Proxy79.connect(Unknown Source)
              at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:381)
              at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:237)
              at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:185)
              at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185)
              at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83)
              at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:56)
              at com.amazonaws.http.apache.client.impl.SdkHttpClient.execute(SdkHttpClient.java:72)
              at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeOneRequest(AmazonHttpClient.java:1238)
              at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeHelper(AmazonHttpClient.java:1058)
              ... 28 more
      Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
              at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:397)
              at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:302)
              at sun.security.validator.Validator.validate(Validator.java:260)
              at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
              at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
              at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
              at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1596)
              ... 54 more
      Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
              at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
              at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
              at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
              at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:392)
              ... 60 more
      

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              rtyler R. Tyler Croy
              Reporter:
              batmat Baptiste Mathus
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: