-
Bug
-
Resolution: Fixed
-
Blocker
-
None
-
-
ec2 1.47
Hi,
Getting below exception on windows slave. It is working fine in 1.43 version
Unexpected Exception: com.amazonaws.services.ec2.model.AmazonEC2Exception: You are not authorized to perform this operation. (Service: AmazonEC2; Status Code: 403; Error Code: UnauthorizedOperation; Request ID: 071f3254-51f1-4577-810f-132237add295)
[JENKINS-59633] EC2 Plugin: Windows EC2 instances are not launching
tapvir virk
created issue -
tapvir virk
made changes -
| Attachment | New: access_denied_windows_ec2_plugin.gif [ 49007 ] |
Attaching the screenshot of the ec2 slave setting. Do you know which permission is required?
Though I can see the instance getting launched on aws account.
tapvir virk
added a comment - - edited Attaching the screenshot of the ec2 slave setting. Do you know which permission is required?
Though I can see the instance getting launched on aws account. 
Raihaan Shouhell
added a comment - You need to check specify password and specify your admin password or give getpassworddata to your appropriate role
Raihaan Shouhell
added a comment - You need to check specify password and specify your admin password or give getpassworddata to your appropriate role tapvir virk
added a comment - I'm running Jenkins 2.476.3 version. Using latest ec2 plugin.
Do you know which permission needs to be added?
tapvir virk
added a comment - I'm running Jenkins 2.476.3 version. Using latest ec2 plugin.
Do you know which permission needs to be added?
I have given the permission to retrieve the password. Now, I'm not getting the above exception. But instance/slave node is getting terminated with the below exception
ERROR: Unable to decode password:
java.lang.IllegalArgumentException: Illegal base64 character d
com.amazonaws.AmazonClientException: Unable to decode password:
java.lang.IllegalArgumentException: Illegal base64 character d
at hudson.plugins.ec2.EC2PrivateKey.decryptWindowsPassword(EC2PrivateKey.java:141)
at hudson.plugins.ec2.win.EC2WindowsLauncher.connectToWinRM(EC2WindowsLauncher.java:156)
at hudson.plugins.ec2.win.EC2WindowsLauncher.launchScript(EC2WindowsLauncher.java:39)
at hudson.plugins.ec2.EC2ComputerLauncher.launch(EC2ComputerLauncher.java:48)
at hudson.slaves.SlaveComputer$1.call(SlaveComputer.java:294)
at jenkins.util.ContextResettingExecutorService$2.call(ContextResettingExecutorService.java:46)
at jenkins.security.ImpersonatingExecutorService$2.call(ImpersonatingExecutorService.java:71)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)
tapvir virk
added a comment - - edited I have given the permission to retrieve the password. Now, I'm not getting the above exception. But instance/slave node is getting terminated with the below exception
ERROR: Unable to decode password:
java.lang.IllegalArgumentException: Illegal base64 character d
com.amazonaws.AmazonClientException: Unable to decode password:
java.lang.IllegalArgumentException: Illegal base64 character d
at hudson.plugins.ec2.EC2PrivateKey.decryptWindowsPassword(EC2PrivateKey.java:141)
at hudson.plugins.ec2.win.EC2WindowsLauncher.connectToWinRM(EC2WindowsLauncher.java:156)
at hudson.plugins.ec2.win.EC2WindowsLauncher.launchScript(EC2WindowsLauncher.java:39)
at hudson.plugins.ec2.EC2ComputerLauncher.launch(EC2ComputerLauncher.java:48)
at hudson.slaves.SlaveComputer$1.call(SlaveComputer.java:294)
at jenkins.util.ContextResettingExecutorService$2.call(ContextResettingExecutorService.java:46)
at jenkins.security.ImpersonatingExecutorService$2.call(ImpersonatingExecutorService.java:71)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748) tapvir virk
made changes -
| Assignee | Original: Francis Upton [ francisu ] | New: Raihaan Shouhell [ raihaan ] |
tapvir virk
added a comment - I think it is related to newline characters returned in the PasswordData property from "getPasswordData" api call.
I tried to replicate on my local machine with standalone application. With newline characters, it is giving me below exception,
Exception in thread "main" org.bouncycastle.util.encoders.DecoderException: unable to decode base64 string: invalid characters encountered in base64 dataException in thread "main" org.bouncycastle.util.encoders.DecoderException: unable to decode base64 string: invalid characters encountered in base64 data at org.bouncycastle.util.encoders.Base64.decode(Unknown Source) at com.telushealth.thcp.pipeline.gradle.aws.ec2.AwsEC2GetPasswordTest.decryptWindowsPassword(AwsEC2GetPasswordTest.java:51) at com.telushealth.thcp.pipeline.gradle.aws.ec2.AwsEC2GetPasswordTest.main(AwsEC2GetPasswordTest.java:19)Caused by: java.io.IOException: invalid characters encountered in base64 data at org.bouncycastle.util.encoders.Base64Encoder.decode(Unknown Source) ... 3 more
tapvir virk
added a comment - I think it is related to newline characters returned in the PasswordData property from "getPasswordData" api call.
I tried to replicate on my local machine with standalone application. With newline characters, it is giving me below exception,
Exception in thread "main" org.bouncycastle.util.encoders.DecoderException: unable to decode base64 string: invalid characters encountered in base64 dataException in thread "main" org.bouncycastle.util.encoders.DecoderException: unable to decode base64 string: invalid characters encountered in base64 data at org.bouncycastle.util.encoders.Base64.decode(Unknown Source) at com.telushealth.thcp.pipeline.gradle.aws.ec2.AwsEC2GetPasswordTest.decryptWindowsPassword(AwsEC2GetPasswordTest.java:51) at com.telushealth.thcp.pipeline.gradle.aws.ec2.AwsEC2GetPasswordTest.main(AwsEC2GetPasswordTest.java:19)Caused by: java.io.IOException: invalid characters encountered in base64 data at org.bouncycastle.util.encoders.Base64Encoder.decode(Unknown Source) ... 3 more Hi raihaan
As per your comment in JENKINS-58193 ,
I can see the getPasswordData cli returning \r\n prefixing the content.
I haven't set any password in the ami. I'm just running below script in the userdata,
<powershell>
- Disable Credssp for Jenkins master to login via WinRM.
winrm set winrm/config/service/auth '@{CredSSP="false"}'
$osString = wmic os get caption | Out-String
echo "Windows OS: $osString"
</powershell>
tapvir virk
added a comment - - edited Hi raihaan
As per your comment in JENKINS-58193 ,
I can see the getPasswordData cli returning \r\n prefixing the content.
I haven't set any password in the ami. I'm just running below script in the userdata,
<powershell>
Disable Credssp for Jenkins master to login via WinRM.
winrm set winrm/config/service/auth '@{CredSSP="false"}'
$osString = wmic os get caption | Out-String
echo "Windows OS: $osString"
</powershell> 
What version are you on and can you show a screenshot of your settings? This might be because you used auto retrieve password from amazon which requires a new permission.