
Update Mesos Plugin to be compliant with agent naming requirements in Jenkins 2.263.2+

    • Type: Bug
    • Resolution: Unresolved
    • Priority: Major
    • mesos-plugin
    • 2.277.1
      mesos cloud 0.18.1

      Mesos cloud labels can contain the char ":" in order to specify custom docker images (which also contain the char ":" for the docker image tag separator)

      Was working on LTS 2.263.1 but not 2.277.1, hitting a SEVERE error with stack trace:

      2021-03-18 16:02:45.512+0000 [id=66]	SEVERE	hudson.slaves.NodeProvisioner#lambda$update$6: Unexpected uncaught exception encountered while processing agent MesosCloud
      hudson.model.Failure: ‘:’ is an unsafe character
      	at jenkins.model.Jenkins.checkGoodName(Jenkins.java:4063)
      	at jenkins.model.Nodes.addNode(Nodes.java:139)
      	at jenkins.model.Jenkins.addNode(Jenkins.java:2157)
      	at hudson.slaves.NodeProvisioner.lambda$update$6(NodeProvisioner.java:256)
      	at hudson.model.Queue._withLock(Queue.java:1384)
      	at hudson.model.Queue.withLock(Queue.java:1261)
      	at hudson.slaves.NodeProvisioner.update(NodeProvisioner.java:225)
      	at hudson.slaves.NodeProvisioner.access$900(NodeProvisioner.java:64)
      	at hudson.slaves.NodeProvisioner$NodeProvisionerInvoker.doRun(NodeProvisioner.java:823)
      	at hudson.triggers.SafeTimerTask.run(SafeTimerTask.java:91)
      	at jenkins.security.ImpersonatingScheduledExecutorService$1.run(ImpersonatingScheduledExecutorService.java:67)
      	at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515)
      	at java.base/java.util.concurrent.FutureTask.runAndReset(FutureTask.java:305)
      	at java.base/java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:305)
      	at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
      	at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
      	at java.base/java.lang.Thread.run(Thread.java:834)

      example label that is used in the mesos config, and the agent fails to start:

      worker:REDACTEDREPO/qe/jira-dependency-graph:1

          [JENKINS-65169] Update Mesos Plugin to be compliant with agent naming requirements in Jenkins 2.263.2+

          Samuel Beaulieu created issue -

          Samuel Beaulieu added a comment -

          looking at the code I'll try to set

          jenkins.model.Nodes.enforceNameRestrictions=false

          Samuel Beaulieu added a comment - https://github.com/jenkinsci/jenkins/blame/master/core/src/main/java/jenkins/model/Jenkins.java#L4057
          Samuel Beaulieu made changes -
          Priority Original: Critical [ 2 ] New: Major [ 3 ]
          Samuel Beaulieu made changes -
          Labels New: SECURITY-2021
          Samuel Beaulieu made changes -
          Link New: This issue is caused by SECURITY-2021 [ SECURITY-2021 ]

          Oleg Nenashev added a comment -

          Another issue to document in upgrade guidelines, right markewaite danielbeck wfollonier?


          Daniel Beck added a comment - - edited

          Yes, in the upgrade guide for 2.263.2, because this has been around for more than two months now: https://www.jenkins.io/security/advisory/2021-01-13/#SECURITY-2021

          My recommendation would be to use different labels that result in safe agent names instead. Based on my understanding of this issue, this is a cloud configuration side issue. Disabling the fix should only be a last resort. This is how I would document this as well.

           

          Mark Waite made changes -
          Status Original: Open [ 1 ] New: In Progress [ 3 ]
          Mark Waite made changes -
          Status Original: In Progress [ 3 ] New: In Review [ 10005 ]
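
An added example, not part of the issue thread and not code from Jenkins or the Mesos plugin: a pre-upgrade audit that checks cloud labels against the name rules behind the failure above and proposes safe replacements, in line with the recommendation in the thread to use labels that result in safe agent names. Assumptions: the label text ends up in the agent name, as the stack trace indicates; the unsafe character set is transcribed from Jenkins core's checkGoodName and should be confirmed against the source linked in the thread; safe_name and audit are hypothetical helpers, and the sample labels other than the redacted one from the issue are constructed.

```python
import unicodedata

# Assumption: unsafe set as transcribed from Jenkins core's checkGoodName;
# confirm it against the Jenkins.java source linked in the thread.
UNSAFE_CHARS = set("?*/\\%!@#$^&|<>[]:;")

# Constructed sample labels; the first is the redacted label from the issue.
SAMPLE_LABELS = [
    "worker:REDACTEDREPO/qe/jira-dependency-graph:1",
    "worker-REDACTEDREPO-qe-jira-dependency-graph-1",
    "linux-small",
]


def _rejected(ch):
    """True for characters the name check refuses (unsafe or ISO control)."""
    return ch in UNSAFE_CHARS or unicodedata.category(ch) == "Cc"


def name_problems(name):
    """List the reasons `name` would be refused as an agent name."""
    if not name:
        return ["empty name"]
    if name.strip() in (".", ".."):
        return [f"reserved name {name.strip()!r}"]
    return [f"rejected character {ch!r} at {pos}"
            for pos, ch in enumerate(name) if _rejected(ch)]


def safe_name(label, replacement="-"):
    """Hypothetical helper: propose a name with rejected characters replaced."""
    return "".join(replacement if _rejected(ch) else ch for ch in label)


def audit(labels):
    """Return per-label findings plus proposals that collide with each other."""
    report, owners = {}, {}
    for label in labels:
        proposed = safe_name(label)
        owners.setdefault(proposed, []).append(label)
        report[label] = {"problems": name_problems(label), "proposed": proposed}
    collisions = {n: ls for n, ls in owners.items() if len(ls) > 1}
    return report, collisions


if __name__ == "__main__":
    report, collisions = audit(SAMPLE_LABELS)
    for label, entry in report.items():
        print(label, "->", entry["problems"] or "ok")
    print("collisions:", collisions)
```

A non-empty collisions map means two labels would share one proposed name, so distinct replacements have to be chosen by hand.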

            Assignee: Unassigned
            Reporter: Samuel Beaulieu (sbeaulie)