Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-62738

Can't connect JNLP agent trhough traefik2 TCP SNI ingressroutetcp

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Minor Minor
    • core, remoting
    • None

      We're trying to connect remote agents to a jenkins master deployed on k8s infra by using JNLP4 protocol. Traefik2 ingressroutetcp is like this:

      apiVersion: traefik.containo.us/v1alpha1
      kind: IngressRouteTCP
      metadata:
      name: jenkins-agent
      namespace: default
      spec:
      entryPoints:

      • tcp-ep
        routes:
      • match: HostSNI(`tcp.localhost.test`)
        kind: Rule
        services:
      • name: jenkins-test-agent
        port: 50000
        tls:
        secretName: tcp-localhost-test

      The connection is succesfull if we avoid the host SNI verification but if we want to evaluate the target host the connection never reaches jenkins agent port service. We also tried (-Djsse.enableSNIExtension=true):

      java -Djsse.enableSNIExtension=true -jar agent.jar -jnlpUrl http://jenkins.localhost.test:8080/computer/test-agent-tcp/slave-agent.jnlp -secret @secret-file -workDir "/tmp"

      but connection is not performed:

      Jun 21, 2020 5:33:10 PM org.jenkinsci.remoting.engine.WorkDirManager initializeWorkDirJun 21, 2020 5:33:10 PM org.jenkinsci.remoting.engine.WorkDirManager initializeWorkDirINFO: Using /tmp/remoting as a remoting work directoryJun 21, 2020 5:33:10 PM org.jenkinsci.remoting.engine.WorkDirManager setupLoggingINFO: Both error and output logs will be printed to /tmp/remotingJun 21, 2020 5:33:10 PM hudson.remoting.jnlp.Main createEngineINFO: Setting up agent: test-agent-tcpJun 21, 2020 5:33:10 PM hudson.remoting.jnlp.Main$CuiListener <init>INFO: Jenkins agent is running in headless mode.Jun 21, 2020 5:33:10 PM hudson.remoting.Engine startEngineINFO: Using Remoting version: 4.3Jun 21, 2020 5:33:10 PM org.jenkinsci.remoting.engine.WorkDirManager initializeWorkDirINFO: Using /tmp/remoting as a remoting work directoryJun 21, 2020 5:33:10 PM hudson.remoting.jnlp.Main$CuiListener statusINFO: Locating server among http://jenkins-test:8080/, http://jenkins.localhost.test:8080/Jun 21, 2020 5:33:10 PM org.jenkinsci.remoting.engine.JnlpAgentEndpointResolver resolveINFO: Remoting server accepts the following protocols: [JNLP4-connect, Ping]Jun 21, 2020 5:33:10 PM org.jenkinsci.remoting.engine.JnlpAgentEndpointResolver resolveINFO: Remoting TCP connection tunneling is enabled. Skipping the TCP Agent Listener Port availability checkJun 21, 2020 5:33:10 PM hudson.remoting.jnlp.Main$CuiListener statusINFO: Agent discovery successful  Agent address: tcp.localhost.test  Agent port:    8081  Identity:      0e:89:a3:be:c8:76:25:b1:3d:36:74:68:9a:a6:63:fbJun 21, 2020 5:33:10 PM hudson.remoting.jnlp.Main$CuiListener statusINFO: HandshakingJun 21, 2020 5:33:10 PM hudson.remoting.jnlp.Main$CuiListener statusINFO: Connecting to tcp.localhost.test:8081Jun 21, 2020 5:33:10 PM hudson.remoting.jnlp.Main$CuiListener statusINFO: Trying protocol: JNLP4-connectJun 21, 2020 5:33:21 PM hudson.remoting.jnlp.Main$CuiListener statusINFO: Protocol JNLP4-connect encountered an unexpected exceptionjava.util.concurrent.ExecutionException: org.jenkinsci.remoting.protocol.impl.ConnectionRefusalException: Connection closed before acknowledgement sent at org.jenkinsci.remoting.util.SettableFuture.get(SettableFuture.java:223) at hudson.remoting.Engine.innerRun(Engine.java:743) at hudson.remoting.Engine.run(Engine.java:518)Caused by: org.jenkinsci.remoting.protocol.impl.ConnectionRefusalException: Connection closed before acknowledgement sent at org.jenkinsci.remoting.protocol.impl.AckFilterLayer.onRecvClosed(AckFilterLayer.java:283) at org.jenkinsci.remoting.protocol.FilterLayer.abort(FilterLayer.java:164) at org.jenkinsci.remoting.protocol.impl.AckFilterLayer.access$000(AckFilterLayer.java:45) at org.jenkinsci.remoting.protocol.impl.AckFilterLayer$1.run(AckFilterLayer.java:179) at org.jenkinsci.remoting.protocol.IOHub$DelayedRunnable.run(IOHub.java:964) at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128) at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628) at hudson.remoting.Engine$1.lambda$newThread$0(Engine.java:117) at java.base/java.lang.Thread.run(Thread.java:834)
      Jun 21, 2020 5:33:21 PM hudson.remoting.jnlp.Main$CuiListener errorSEVERE: The server rejected the connection: None of the protocols were acceptedjava.lang.Exception: The server rejected the connection: None of the protocols were accepted at hudson.remoting.Engine.onConnectionRejected(Engine.java:828) at hudson.remoting.Engine.innerRun(Engine.java:768) at hudson.remoting.Engine.run(Engine.java:518)

      Can you please confirm if agent.jar is already prepared to send SNI information?

      Regards

       

            peppe Giuseppe Landolfi
            danielmurga daniel murga
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated: