Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-59759

localhost not allowed for jeknins with gitlab-branch-source-plugin

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Fixed but Unreleased (View Workflow)
    • Priority: Minor
    • Resolution: Fixed
    • Labels:
      None
    • Environment:
      Ubuntu 18.04.2 LTS / Jenkins Blue Ocean on docker with the network of the host
    • Similar Issues:

      Description

      Hello,

      Not sure whether that is a bug. Feel free to requalify it if needed. 

      My current scenario : 

      • running the Jenkins application  in a docker container, and running the container with the network of the docker host (–network=host as arg).
      • configuring a multibranch pipeline project with Gitlab as branch source.
      • clicking save

      We get on the UI (and in the log) that exception :

       

       

      java.lang.IllegalStateException: Jenkins URL cannot start with http://localhost URL is: http://localhost:8081/ at io.jenkins.plugins.gitlabbranchsource.GitLabHookCreator.checkURL(GitLabHookCreator.java:167) at io.jenkins.plugins.gitlabbranchsource.GitLabHookCreator.getHookUrl(GitLabHookCreator.java:154) at io.jenkins.plugins.gitlabbranchsource.GitLabHookCreator.register(GitLabHookCreator.java:85) at io.jenkins.plugins.gitlabbranchsource.GitLabSCMSource.afterSave(GitLabSCMSource.java:752) at jenkins.branch.MultiBranchProject.fireSCMSourceAfterSave(MultiBranchProject.java:907) at jenkins.branch.MultiBranchProject.submit(MultiBranchProject.java:897) at com.cloudbees.hudson.plugins.folder.AbstractFolder.doConfigSubmit(AbstractFolder.java:1346) at com.cloudbees.hudson.plugins.folder.computed.ComputedFolder.doConfigSubmit(ComputedFolder.java:403) at java.lang.invoke.MethodHandle.invokeWithArguments(MethodHandle.java:627) at org.kohsuke.stapler.Function$MethodFunction.invoke(Function.java:396) at org.kohsuke.stapler.Function$InstanceFunction.invoke(Function.java:408) at org.kohsuke.stapler.interceptor.RequirePOST$Processor.invoke(RequirePOST.java:77) at org.kohsuke.stapler.PreInvokeInterceptedFunction.invoke(PreInvokeInterceptedFunction.java:26) at org.kohsuke.stapler.Function.bindAndInvoke(Function.java:212) at org.kohsuke.stapler.Function.bindAndInvokeAndServeResponse(Function.java:145) at org.kohsuke.stapler.MetaClass$11.doDispatch(MetaClass.java:535) at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:58) at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:747) Caused: javax.servlet.ServletException at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:797) at org.kohsuke.stapler.Stapler.invoke(Stapler.java:878) at org.kohsuke.stapler.MetaClass$4.doDispatch(MetaClass.java:280) at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:58) at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:747) at org.kohsuke.stapler.Stapler.invoke(Stapler.java:878) at org.kohsuke.stapler.Stapler.invoke(Stapler.java:676) at org.kohsuke.stapler.Stapler.service(Stapler.java:238) at javax.servlet.http.HttpServlet.service(HttpServlet.java:790) at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:873) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1623) at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:154) at org.jenkinsci.plugins.ssegateway.Endpoint$SSEListenChannelFilter.doFilter(Endpoint.java:246) at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151) at io.jenkins.blueocean.ResourceCacheControl.doFilter(ResourceCacheControl.java:134) at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151) at io.jenkins.blueocean.auth.jwt.impl.JwtAuthenticationFilter.doFilter(JwtAuthenticationFilter.java:61) at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151) at jenkins.telemetry.impl.UserLanguages$AcceptLanguageFilter.doFilter(UserLanguages.java:128) at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151) at hudson.util.PluginServletFilter.doFilter(PluginServletFilter.java:157) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1610) at hudson.security.csrf.CrumbFilter.doFilter(CrumbFilter.java:99) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1610) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:84) at hudson.security.UnwrapSecurityExceptionFilter.doFilter(UnwrapSecurityExceptionFilter.java:51) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at jenkins.security.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:117) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at org.acegisecurity.providers.anonymous.AnonymousProcessingFilter.doFilter(AnonymousProcessingFilter.java:125) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at org.acegisecurity.ui.rememberme.RememberMeProcessingFilter.doFilter(RememberMeProcessingFilter.java:142) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:271) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at jenkins.security.BasicHeaderProcessor.doFilter(BasicHeaderProcessor.java:93) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249) at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:67) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:90) at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:171) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1610) at org.kohsuke.stapler.compression.CompressionFilter.doFilter(CompressionFilter.java:49) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1610) at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:82) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1610) at org.kohsuke.stapler.DiagnosticThreadNameFilter.doFilter(DiagnosticThreadNameFilter.java:30) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1610) at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:540) at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:146) at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:524) at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132) at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:257) at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1700) at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:255) at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1345) at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:203) at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:480) at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1667) at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:201) at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1247) at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:144) at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132) at org.eclipse.jetty.server.Server.handle(Server.java:505) at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:370) at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:267) at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:305) at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103) at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:117) at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:333) at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:310) at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:168) at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:126) at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:366) at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:698) at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:804) at java.lang.Thread.run(Thread.java:748) 
      

       

      We can see that indeed the plugin disallows any localhost as url  : 

      https://github.com/jenkinsci/gitlab-branch-source-plugin/blob/master/src/main/java/io/jenkins/plugins/gitlabbranchsource/GitLabHookCreator.java

      static void checkURL(String url) {
       try {
         URL anURL = new URL(url);
         if ("localhost".equals(anURL.getHost())) {
           throw new IllegalStateException(
           "Jenkins URL cannot start with http://localhost \nURL is: " + url);
         }
         if (!anURL.getHost().contains(".")) {
           throw new IllegalStateException(
           "You must use a fully qualified domain name for Jenkins URL, this is     required by GitLab"
       + "\nURL is: " + url);
         }
       } catch (MalformedURLException e) {
          throw new IllegalStateException("Bad Jenkins URL\nURL is: " + url);
       }
      }

       

      I tried to play with /etc/hosts by using a hostname mapped to  localhost but same result

        Attachments

          Activity

          Hide
          baymac Parichay Barpanda added a comment -

          Unfortunately, the GitLab doesn't support web hooks on localhost or a domain name not accessible in the internet (in lay man's term). If you are doing it for testing purpose you might want to disable the web hooks and system hooks (from the SCM traits) else host Jenkins docker in the cloud. I would like to know if you are using GitLab.com or using a self hosted GitLab server?

          Show
          baymac Parichay Barpanda added a comment - Unfortunately, the GitLab doesn't support web hooks on localhost or a domain name not accessible in the internet (in lay man's term). If you are doing it for testing purpose you might want to disable the web hooks and system hooks (from the SCM traits) else host Jenkins docker in the cloud. I would like to know if you are using GitLab.com or using a self hosted GitLab server?
          Hide
          ebundy ebundy ebundy added a comment - - edited

          That is very probably right for online GitLab and it makes sense for an online tool , but by installing  GitLab (EE or the community/free version) on our own server, we could fortunately allow the use of localhost in hooks and services since in these conditions the CI and the SCM may be legitimately hosted on the same machine.

          Here is the option in the admin->network 

          Show
          ebundy ebundy ebundy added a comment - - edited That is very probably right for online GitLab and it makes sense for an online tool , but by installing  GitLab (EE or the community/free version) on our own server, we could fortunately allow the use of localhost in hooks and services since in these conditions the CI and the SCM may be legitimately hosted on the same machine. Here is the option in the admin->network 
          Hide
          baymac Parichay Barpanda added a comment -

          Hi ebundy ebundy, looks like we didn't consider this case. Thanks for catching it. We need to check if the api supports this. Would you be able to build the plugin from source and test it for me? (as currently I am away from GitLab server setup on my local machine). To test it, you only need to remove this line - https://github.com/jenkinsci/gitlab-branch-source-plugin/blob/a17a990ee98fbd4952dbc974474db8e815897e63/src/main/java/io/jenkins/plugins/gitlabbranchsource/GitLabHookCreator.java#L154

          And build the plugin and install in your Jenkins instance manually after uninstalling the already installed version. If the web hook is created then we know that gitlab4j api supports and I will send a fix once you confirm it. Let me know if this is possible.

          Show
          baymac Parichay Barpanda added a comment - Hi ebundy ebundy , looks like we didn't consider this case. Thanks for catching it. We need to check if the api supports this. Would you be able to build the plugin from source and test it for me? (as currently I am away from GitLab server setup on my local machine). To test it, you only need to remove this line -  https://github.com/jenkinsci/gitlab-branch-source-plugin/blob/a17a990ee98fbd4952dbc974474db8e815897e63/src/main/java/io/jenkins/plugins/gitlabbranchsource/GitLabHookCreator.java#L154 And build the plugin and install in your Jenkins instance manually after uninstalling the already installed version. If the web hook is created then we know that gitlab4j api supports and I will send a fix once you confirm it. Let me know if this is possible.
          Hide
          ebundy ebundy ebundy added a comment -

          Hello,

          You are welcome. 
          Of course I can. I will test it in the next days and I will leave a feedback as a comment.

           

          Show
          ebundy ebundy ebundy added a comment - Hello, You are welcome.  Of course I can. I will test it in the next days and I will leave a feedback as a comment.  
          Hide
          ebundy ebundy ebundy added a comment -

          Hello,

          It works perfectly. I added a small PR on https://github.com/jenkinsci/gitlab-branch-source-plugin/pull/57

          Show
          ebundy ebundy ebundy added a comment - Hello, It works perfectly. I added a small PR on  https://github.com/jenkinsci/gitlab-branch-source-plugin/pull/57
          Hide
          baymac Parichay Barpanda added a comment -

          I think it is best to setup a reverse proxy by adding sth like jenkins.example.local in your /etc/hosts.

          Show
          baymac Parichay Barpanda added a comment - I think it is best to setup a reverse proxy by adding sth like jenkins.example.local in your /etc/hosts.

            People

            Assignee:
            baymac Parichay Barpanda
            Reporter:
            ebundy ebundy ebundy
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: