Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-66368

After upgrade to CentOS 7 jenkins-2.306-1.1 Jenkins fails to start - keystore access error

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Duplicate
    • Icon: Major Major
    • packaging
    • None
    • CentOS Linux release 7.9.2009 (Core)
      java-1.8.0-openjdk-1.8.0.292.b10-1.el7_9.x86_64
      javapackages-tools-3.4.1-11.el7.noarch
      java-1.8.0-openjdk-headless-1.8.0.292.b10-1.el7_9.x86_64

      Upgrading to the latest release of the Jenkins RPM jenkins-2.306-1.1.noarch appears to be broken on my CentOS 7 server. 

      I get the error below in my jenkins.log file.

      when I use yum to downgrade to the previous release jenkins-2.305-1.1.noarch then all is fine.

      Please can you investigate?

       

      CentOS Linux release 7.9.2009 (Core)

      java-1.8.0-openjdk-1.8.0.292.b10-1.el7_9.x86_64
      javapackages-tools-3.4.1-11.el7.noarch
      java-1.8.0-openjdk-headless-1.8.0.292.b10-1.el7_9.x86_64

       

      ```

      java.io.IOException: Failed to start a listener: winstone.HttpsConnectorFactory
      at winstone.Launcher.spawnListener(Launcher.java:226)
      at winstone.Launcher.<init>(Launcher.java:180)
      at winstone.Launcher.main(Launcher.java:369)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
      at java.lang.reflect.Method.invoke(Method.java:498)
      at Main._main(Main.java:375)
      at Main.main(Main.java:151)
      Caused by: java.io.IOException: Keystore was tampered with, or password was incorrect
      at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:792)
      at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:57)
      at sun.security.provider.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:224)
      at sun.security.provider.JavaKeyStore$DualFormatJKS.engineLoad(JavaKeyStore.java:71)
      at java.security.KeyStore.load(KeyStore.java:1445)
      at winstone.AbstractSecuredConnectorFactory.configureSsl(AbstractSecuredConnectorFactory.java:73)
      at winstone.HttpsConnectorFactory.start(HttpsConnectorFactory.java:53)
      at winstone.Launcher.spawnListener(Launcher.java:220)
      ... 8 more
      Caused by: java.security.UnrecoverableKeyException: Password verification failed
      at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:790)
      ... 15 more
      2021-08-13 08:58:00.102+0000 [id=1] SEVERE winstone.Logger#logInternal: Container startup failed
      java.security.UnrecoverableKeyException: Password verification failed
      at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:790)
      Caused: java.io.IOException: Keystore was tampered with, or password was incorrect
      at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:792)
      at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:57)
      at sun.security.provider.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:224)
      at sun.security.provider.JavaKeyStore$DualFormatJKS.engineLoad(JavaKeyStore.java:71)
      at java.security.KeyStore.load(KeyStore.java:1445)
      at winstone.AbstractSecuredConnectorFactory.configureSsl(AbstractSecuredConnectorFactory.java:73)
      at winstone.HttpsConnectorFactory.start(HttpsConnectorFactory.java:53)
      at winstone.Launcher.spawnListener(Launcher.java:220)
      Caused: java.io.IOException: Failed to start a listener: winstone.HttpsConnectorFactory
      at winstone.Launcher.spawnListener(Launcher.java:226)
      at winstone.Launcher.<init>(Launcher.java:180)
      at winstone.Launcher.main(Launcher.java:369)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
      at java.lang.reflect.Method.invoke(Method.java:498)
      at Main._main(Main.java:375)
      at Main.main(Main.java:151)
      Running from: /usr/lib/jenkins/jenkins.war

      ```

          [JENKINS-66368] After upgrade to CentOS 7 jenkins-2.306-1.1 Jenkins fails to start - keystore access error

          Mark Waite added a comment - - edited

          The stack trace seems to indicate that a configuration setting that was being used in 2.305 is not being used in 2.306.

          The Jenkins 2.306 rpm packaging has been simplified to be more like the packaging of the Debian distribution, using the program daemonize to place the java process in the background and detach it from the controlling terminal. I wonder if some setting in /etc/default/jenkins is no longer being passed to the Java process with the new changes. Special thanks to basil for that improvement.

          Are there any settings in your system configuration that control access to a Java keystore or provide a password for a Java keystore?

          Mark Waite added a comment - - edited The stack trace seems to indicate that a configuration setting that was being used in 2.305 is not being used in 2.306. The Jenkins 2.306 rpm packaging has been simplified to be more like the packaging of the Debian distribution, using the program daemonize to place the java process in the background and detach it from the controlling terminal. I wonder if some setting in /etc/default/jenkins is no longer being passed to the Java process with the new changes. Special thanks to basil for that improvement. Are there any settings in your system configuration that control access to a Java keystore or provide a password for a Java keystore?

          Basil Crow added a comment -

          Same symptoms as JENKINS-66347, which was fixed 2 days ago (but not yet released I think). Try what I suggested in the comments in that bug in the short term. 2.307 should contain the fix.

          Basil Crow added a comment - Same symptoms as JENKINS-66347 , which was fixed 2 days ago (but not yet released I think). Try what I suggested in the comments in that bug in the short term. 2.307 should contain the fix.

          Mark added a comment -

          Thank you for the fast response. My issue is the same as JENKINS 663347

          For simplicity my side I will keep stick with 2.305 and wait for 2.307 to be released.

          Thanks again, Mark.

           

          Mark added a comment - Thank you for the fast response. My issue is the same as JENKINS 663347 For simplicity my side I will keep stick with 2.305 and wait for 2.307 to be released. Thanks again, Mark.  

          Eyal Goren added a comment -

          Hi,

          I am getting this error with version 2.319.1, was it resolved, or planned to be fixed soon, or should I roll back to to 2.303.3

           

          Thanks

          Eyal

          Eyal Goren added a comment - Hi, I am getting this error with version 2.319.1, was it resolved, or planned to be fixed soon, or should I roll back to to 2.303.3   Thanks Eyal

          Mark Waite added a comment -

          eyalg please review your system based on JENKINS-66347 to see if the fix described there is missing form 2.319.1. It could be that the Jenkins weekly change in the startup script was not applied to the LTS packaging.

          Mark Waite added a comment - eyalg please review your system based on JENKINS-66347 to see if the fix described there is missing form 2.319.1. It could be that the Jenkins weekly change in the startup script was not applied to the LTS packaging.

          Eyal Goren added a comment -

          Just to clarify- when I upgraded, it was done by replacing the Jenkins war file and the plugins folder, not by running the RPM, does it matter for this case?

          Eyal Goren added a comment - Just to clarify- when I upgraded, it was done by replacing the Jenkins war file and the plugins folder, not by running the RPM, does it matter for this case?

          Mark Waite added a comment -

          Yes, it could matter. If a change was needed in the scripts managed by the rpm file, then your change of the war file from "inside" the contents of the rpm file would not have included any updates to the scripts. When using the operating system package manager, upgrades should be done with the operating system package manager, not by changing files within the package.

          Mark Waite added a comment - Yes, it could matter. If a change was needed in the scripts managed by the rpm file, then your change of the war file from "inside" the contents of the rpm file would not have included any updates to the scripts. When using the operating system package manager, upgrades should be done with the operating system package manager, not by changing files within the package.

          Eyal Goren added a comment - - edited

          I work in a closed environment, How can I download specific RPM from Windows machine that have access to the Internet?

          (The documentation of the offline installations only mention the download of WAR files, not RPM).

          Eyal Goren added a comment - - edited I work in a closed environment, How can I download specific RPM from Windows machine that have access to the Internet? (The documentation of the offline installations only mention the download of WAR files, not RPM).

          Mark Waite added a comment -

          The rpm file can be downloaded from https://get.jenkins.io/redhat-stable/

          Mark Waite added a comment - The rpm file can be downloaded from https://get.jenkins.io/redhat-stable/

            basil Basil Crow
            marksonghurst Mark
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated:
              Resolved: