Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-64352

Unable to connect to jnlp via ssh tunnel port

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Won't Do
    • Icon: Major Major
    • remoting
    • None
    • Jenkins 2.235.2 (OK) and 2.249.3 (broken)
      Jenkins running on Ubuntu 5.4 / Java 1.8.0_212 / Tomcat 8.5.40 (bitnami image on AWS)
      Agent running on: Red Hat 4.8 / Java 1.8.0_262

      Running with jenkins 2.235.2 we could connect between firewalled machines using ssh tunnels:

      ssh -M -S ${JENKINS_HOME}/jenkins-ssh-control -N -f \
 -L 8080:jenkins.build.example.com:80 \
 -L 8081:jenkins.build.example.com:8081 \
 jumpbox.build.example.com

      and then, downloading the agent.jar from jenkins to keep it up-to-date:

      curl -f -s -o ${JENKINS_HOME}/agent.jar http://localhost:8080/jenkins/jnlpJars/agent.jar

      and starting the agent:

      java -jar ${JENKINS_HOME}/agent.jar \
 -jnlpUrl http://localhost:8080/jenkins/computer/${AGENT_NAME}/slave-agent.jnlp \
 -secret ${AGENT_SECRET} -workDir "${JENKINS_HOME}" > ${JENKINS_HOME}/agent.log 2>&1 &

      Sometime after that version, this no longer works:

      Dec 02, 2020 1:44:03 PM hudson.remoting.jnlp.Main$CuiListener error
SEVERE: Failed to connect to http://jenkins.build.example.com/jenkins/tcpSlaveAgentListener/: jenkins.build.example.com
java.io.IOException: Failed to connect to http://jenkins.build.example.com/jenkins/tcpSlaveAgentListener/: jenkins.build.example.com
 at org.jenkinsci.remoting.engine.JnlpAgentEndpointResolver.resolve(JnlpAgentEndpointResolver.java:217)
 at hudson.remoting.Engine.innerRun(Engine.java:694)
 at hudson.remoting.Engine.run(Engine.java:519)
Caused by: java.net.UnknownHostException: jenkins.build.example.com
 at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:184)
 at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
 at java.net.Socket.connect(Socket.java:607)
 at sun.net.NetworkClient.doConnect(NetworkClient.java:175)
 at sun.net.www.http.HttpClient.openServer(HttpClient.java:463)
 at sun.net.www.http.HttpClient.openServer(HttpClient.java:558)
 at sun.net.www.http.HttpClient.<init>(HttpClient.java:242) at sun.net.www.http.HttpClient.New(HttpClient.java:339)
 at sun.net.www.http.HttpClient.New(HttpClient.java:357)
 at sun.net.www.protocol.http.HttpURLConnection.getNewHttpClient(HttpURLConnection.java:1226)
 at sun.net.www.protocol.http.HttpURLConnection.plainConnect0(HttpURLConnection.java:1162)
 at sun.net.www.protocol.http.HttpURLConnection.plainConnect(HttpURLConnection.java:1056)
 at sun.net.www.protocol.http.HttpURLConnection.connect(HttpURLConnection.java:990)
 at org.jenkinsci.remoting.engine.JnlpAgentEndpointResolver.resolve(JnlpAgentEndpointResolver.java:214) ... 2 more

       

      I believe this is due to https://github.com/jenkinsci/remoting/commit/9ce46eb9be1b35b5d6cb66e6c63b28a2e3798b31

      That change no longer uses the agentJnlpURL to parse/resolve the DOM for jnlp, so the result is the remote trying to connect to the "real" host, rather than the tunnel as specified in the agent's --jnlpUrl parameter.

       

      We are unable to upgrade jenkins (or alternatively we must maintain an old version of the agent.jar).

            jthompson Jeff Thompson
            landers Dave Landers
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: