Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-53897

Using public DNS when property is set to false from within VPC with IGW

    XMLWordPrintable

Details

    • Bug
    • Status: Resolved (View Workflow)
    • Major
    • Resolution: Fixed
    • ec2-plugin
    • Ubuntu 16.04.4 LTS
      Java 1.8.0_181-b13
      Jenkins 2.121.3
      ec2-plugin 1.40

    Description

      Case 1

      When running Jenkins master within a VPC, on a subnet routed to an IGW.

      • Jenkins master has public IP
      • Jenkins node has public IP

      Problem was not detected, because the master would reach get from the same public DNS of the node, the internal IP. It seems to also attempt correctly to use the private IP first, then the public DNS while the node is booting.

      eg:

      INFO: Connecting to [PRIVATE IP] on port 22, with timeout 10000.
      Oct 04, 2018 5:57:49 PM hudson.plugins.ec2.EC2Cloud
      INFO: Failed to connect via ssh: The kexTimeout (10000 ms) expired.
      Oct 04, 2018 5:57:49 PM hudson.plugins.ec2.EC2Cloud
      INFO: Waiting for SSH to come up. Sleeping 5.
      Oct 04, 2018 5:57:54 PM hudson.plugins.ec2.EC2Cloud
      INFO: Connecting to ec2-[PUBLICIP].ap-southeast-2.compute.amazonaws.com on port 22, with timeout 10000.
      ...
      Agent successfully connected and online
      

      Case 2

      When running Jenkins master within a VPC, on a subnet routed to an IGW.

      • Jenkins master has public IP
        Configured another VPC (to use nodes in another region). Region 2 VPC has peer connection to VPC of Jenkins master, and is working fine with private IPs.
      • Jenkins node has public IP

      The problem is evident because the master starts and continues to attempt connecting with the public DNS. Even though the cloud "Connect using Public IP" box is not selected in the configuration.

      INFO: Connecting to ec2-13-58-190-137.us-east-2.compute.amazonaws.com on port 22, with timeout 10000.
      ...
      

      I have tried logging into the Jenkins master and verified the private IP works fine, to reach the node in the other region VPC. So the only issue is apparently the call to getEC2HostAddress

      Other notes

      It may be related to JENKINS-34533.

      Attachments

        Issue Links

          Activity

            chefren E G added a comment -

            Debugging this AWS scenarios by calling DescribeInstances and checking the Instance object may help

            chefren E G added a comment - Debugging this AWS scenarios by calling DescribeInstances and checking the Instance object may help
            chefren E G added a comment -

            Feature initial commit

            chefren E G added a comment - Feature initial commit
            chefren E G added a comment -

            AWS DNS and VPC docs

            chefren E G added a comment - AWS DNS and VPC docs

            1.43 has the option to define the way to connect to slave.

            thoulen FABRIZIO MANFREDI added a comment - 1.43 has the option to define the way to connect to slave.
            chefren E G added a comment -

            Hi thoulen, how is it different from the "Connect using Public IP" box in 1.40? In the description above it is mentioned that it is not selected in the configuration, yet the master attempts to hit the public IP.

            chefren E G added a comment - Hi thoulen , how is it different from the "Connect using Public IP" box in 1.40? In the description above it is mentioned that it is not selected in the configuration, yet the master attempts to hit the public IP.

            People

              thoulen FABRIZIO MANFREDI
              chefren E G
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: