Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-54898

ECS Plugin 1.18 cannot launch slaves

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed (View Workflow)
    • Priority: Critical
    • Resolution: Fixed
    • Component/s: amazon-ecs-plugin
    • Labels:
      None
    • Environment:
      Jenkins 2.138.2
      amazon-ecs 1.18
    • Similar Issues:
    • Released As:
      v1.19

      Description

      After upgrading from v1.16 to 1.18 of the ECS plugin, no ECS slaves were able to be launched.

      We are using EC2 as the launch type (not fargate).

      The error message in the log is as follows:

      [digital-ci-devops-zv5qp]: Error in provisioning; agent=com.cloudbees.jenkins.plugins.amazonecs.ECSSlave[digital-ci-devops-zv5qp]
      com.amazonaws.services.ecs.model.AccessDeniedException: User: arn:aws:sts::[******]:assumed-role/[******] is not authorized to perform: iam:PassRole on resource: arn:aws:iam::[******]:role/ecsTaskExecutionRole (Service: AmazonECS; Status Code: 400; Error Code: AccessDeniedException; Request ID: [******])
          at com.amazonaws.http.AmazonHttpClient$RequestExecutor.handleErrorResponse(AmazonHttpClient.java:1658)
          at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeOneRequest(AmazonHttpClient.java:1322)
          [...]
      

      I was able to fix the problem by going into the build slave configuration and changing the field "Task Execution Role ARN" from the default value of "ecsTaskExecutionRole" to "" (empty string).

      However, if an admin opens the jenkins system config, all the build slave configs (20+) will have the "Task Execution Role ARN" field reset back to their default value. If the config is saved, the problem will reoccur

      What I believe is happening is that on v1.18, the plugin is incorrectly applying the task execution role to EC2 launch type slaves (should only be applied to fargate launch type).

      Reverting the plugin back to v1.16 resolved the problem.

        Attachments

          Issue Links

            Activity

            Hide
            ccaraivan Costin Caraivan added a comment -

            Hitting the same issue. It's kind of critical, I'd say

            Show
            ccaraivan Costin Caraivan added a comment - Hitting the same issue. It's kind of critical, I'd say
            Hide
            drochefort Dominique Rochefort added a comment -

            Same issue here, reverted to v1.17.

            Our configuration uses EC2 instances, not Fargate.

               

             

            Show
            drochefort Dominique Rochefort added a comment - Same issue here, reverted to v1.17. Our configuration uses EC2 instances, not Fargate.      
            Show
            pgarbe Philipp Garbe added a comment - See  https://github.com/jenkinsci/amazon-ecs-plugin/pull/77

              People

              Assignee:
              pgarbe Philipp Garbe
              Reporter:
              ajcarter Aidan Carter
              Votes:
              2 Vote for this issue
              Watchers:
              6 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: