-
Bug
-
Resolution: Won't Do
-
Major
-
None
-
Jenkins 2.235.2 (OK) and 2.249.3 (broken)
Jenkins running on Ubuntu 5.4 / Java 1.8.0_212 / Tomcat 8.5.40 (bitnami image on AWS)
Agent running on: Red Hat 4.8 / Java 1.8.0_262
Running with jenkins 2.235.2 we could connect between firewalled machines using ssh tunnels:
ssh -M -S ${JENKINS_HOME}/jenkins-ssh-control -N -f \ -L 8080:jenkins.build.example.com:80 \ -L 8081:jenkins.build.example.com:8081 \ jumpbox.build.example.com
and then, downloading the agent.jar from jenkins to keep it up-to-date:
curl -f -s -o ${JENKINS_HOME}/agent.jar http://localhost:8080/jenkins/jnlpJars/agent.jar
and starting the agent:
java -jar ${JENKINS_HOME}/agent.jar \ -jnlpUrl http://localhost:8080/jenkins/computer/${AGENT_NAME}/slave-agent.jnlp \ -secret ${AGENT_SECRET} -workDir "${JENKINS_HOME}" > ${JENKINS_HOME}/agent.log 2>&1 &
Sometime after that version, this no longer works:
Dec 02, 2020 1:44:03 PM hudson.remoting.jnlp.Main$CuiListener error SEVERE: Failed to connect to http://jenkins.build.example.com/jenkins/tcpSlaveAgentListener/: jenkins.build.example.com java.io.IOException: Failed to connect to http://jenkins.build.example.com/jenkins/tcpSlaveAgentListener/: jenkins.build.example.com at org.jenkinsci.remoting.engine.JnlpAgentEndpointResolver.resolve(JnlpAgentEndpointResolver.java:217) at hudson.remoting.Engine.innerRun(Engine.java:694) at hudson.remoting.Engine.run(Engine.java:519) Caused by: java.net.UnknownHostException: jenkins.build.example.com at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:184) at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392) at java.net.Socket.connect(Socket.java:607) at sun.net.NetworkClient.doConnect(NetworkClient.java:175) at sun.net.www.http.HttpClient.openServer(HttpClient.java:463) at sun.net.www.http.HttpClient.openServer(HttpClient.java:558) at sun.net.www.http.HttpClient.<init>(HttpClient.java:242) at sun.net.www.http.HttpClient.New(HttpClient.java:339) at sun.net.www.http.HttpClient.New(HttpClient.java:357) at sun.net.www.protocol.http.HttpURLConnection.getNewHttpClient(HttpURLConnection.java:1226) at sun.net.www.protocol.http.HttpURLConnection.plainConnect0(HttpURLConnection.java:1162) at sun.net.www.protocol.http.HttpURLConnection.plainConnect(HttpURLConnection.java:1056) at sun.net.www.protocol.http.HttpURLConnection.connect(HttpURLConnection.java:990) at org.jenkinsci.remoting.engine.JnlpAgentEndpointResolver.resolve(JnlpAgentEndpointResolver.java:214) ... 2 more
I believe this is due to https://github.com/jenkinsci/remoting/commit/9ce46eb9be1b35b5d6cb66e6c63b28a2e3798b31
That change no longer uses the agentJnlpURL to parse/resolve the DOM for jnlp, so the result is the remote trying to connect to the "real" host, rather than the tunnel as specified in the agent's --jnlpUrl parameter.
We are unable to upgrade jenkins (or alternatively we must maintain an old version of the agent.jar).