Bug
Resolution: Fixed
Minor
None
2.383
jenkins.security.Security218Test#jnlpSlave fails not infrequently on Windows as in e.g. this run. I suspect this is due to the split of instance-identity. Based on the logs of that run and other similar runs, Jenkins#getAgentProtocols must be returning the empty set, and I suspect the reason why is that the initialization of JnlpSlaveAgentProtocol4 (which depends on instance-identity having been initialized) is racing with the initialization of instance-identity. Our Windows test agents are very slow, so the problem can probably be reproduced by adding a sleep statement somewhere.
[JENKINS-70206] jenkins.security.Security218Test#jnlpSlave is flaky
Thanks for detailed investigation basil! That seems to confirm that my proposed fix, "delay the initialization of all fields unless and until getName is called", could work. Should be a pretty simple change. vandit1604 would you like to try?
jglick, by the fields to be initialized first, you are referring to isOptIn and getDisplayName, right?
But I'm not able to understand how here

    RSAPrivateKey privateKey = InstanceIdentityProvider.RSA.getPrivateKey();
    if (privateKey == null) {
        throw new KeyStoreException("JENKINS-41987: no RSAPrivateKey found; perhaps instance-identity plugin is not installed");
    }

privateKey must be null; that's why we got this in the stack trace

    0.122 [id=101] WARNING h.ExtensionFinder$GuiceFinder$FaultTolerantScope$1#error: Failed to instantiate Key[type=jenkins.slaves.JnlpSlaveAgentProtocol4, annotation=[none]]; skipping this component
    java.security.KeyStoreException: JENKINS-41987: no RSAPrivateKey found; perhaps instance-identity plugin is not installed

but if privateKey is null then here

    public PRIV getPrivateKey() {
        InstanceIdentityProvider<PUB, PRIV> provider = get(this);
        try {
            return provider == null ? null : provider.getPrivateKey();
        } catch (RuntimeException e) {
            LOGGER.log(Level.WARNING, "Instance identity provider " + provider + " propagated a runtime exception", e);
            return null;
        } catch (Error e) {
            LOGGER.log(Level.INFO, "Encountered an error while consulting instance identity provider " + provider, e);
            throw e;
        } catch (Throwable e) {
            LOGGER.log(Level.SEVERE, "Instance identity provider " + provider + " propagated an uncaught exception", e);
            return null;
        }
    }

If privateKey is null here, then shouldn't the method getPrivateKey call itself until provider is not null anymore and pass that to privateKey?

    RSAPrivateKey privateKey = InstanceIdentityProvider.RSA.getPrivateKey();
The fields I refer to are those currently initialized in the constructor: keyStore, trustManager, and sslContext. (Note that hub is also apparently unused and could likely be deleted.)
https://github.com/jenkinsci/jenkins/pull/7485 seems to have chased away the (daily) pain in the core test suite, though the underlying problem remains.
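The fix proposed in this thread, deferring keyStore, trustManager and sslContext setup until getName is called, sketched as an added example; it is not Jenkins code or any commenter's patch. LazyTlsProtocol, the identity supplier and the name EXAMPLE-TLS are hypothetical, and treating a null getName() as "not available yet" is an assumption of the sketch.

```java
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.util.function.Supplier;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;

public class LazyTlsProtocol {
    private final Supplier<PrivateKey> identity; // assumption: yields null until the identity is ready
    private volatile SSLContext sslContext;      // written once, only after setup has succeeded

    public LazyTlsProtocol(Supplier<PrivateKey> identity) {
        this.identity = identity; // no key or TLS work here, so startup order cannot break construction
    }

    /** Null while the identity is missing; the first successful call builds the TLS state. */
    public String getName() {
        return context() == null ? null : "EXAMPLE-TLS";
    }

    private SSLContext context() {
        if (sslContext != null) return sslContext; // fast path after safe publication
        synchronized (this) {
            if (sslContext != null) return sslContext;
            if (identity.get() == null) return null; // not ready yet: set nothing, retry on next call
            try {
                char[] password = "constructed-demo-password".toCharArray();
                KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
                keyStore.load(null, password); // empty store; a real class adds key + certificate here
                KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
                kmf.init(keyStore, password);
                SSLContext ctx = SSLContext.getInstance("TLS");
                ctx.init(kmf.getKeyManagers(), null, null); // null selects the default trust managers
                return sslContext = ctx;
            } catch (GeneralSecurityException | IOException e) {
                throw new IllegalStateException("TLS setup failed", e);
            }
        }
    }

    public static void main(String[] args) throws Exception {
        PrivateKey[] slot = new PrivateKey[1]; // constructed: empty at startup, filled later
        LazyTlsProtocol protocol = new LazyTlsProtocol(() -> slot[0]);
        System.out.println("identity missing: getName() = " + protocol.getName());
        slot[0] = KeyPairGenerator.getInstance("RSA").generateKeyPair().getPrivate();
        System.out.println("identity present: getName() = " + protocol.getName());
    }
}
```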
jglick, I did these changes and verified the changes
diff --git a/core/src/main/java/jenkins/slaves/JnlpSlaveAgentProtocol4.java b/core/src/main/java/jenkins/slaves/JnlpSlaveAgentProtocol4.java index 75ef385116..865ffde46f 100644 --- a/core/src/main/java/jenkins/slaves/JnlpSlaveAgentProtocol4.java +++ b/core/src/main/java/jenkins/slaves/JnlpSlaveAgentProtocol4.java @@ -72,11 +72,11 @@ public class JnlpSlaveAgentProtocol4 extends AgentProtocol { /** * Our keystore. */ - private final KeyStore keyStore; + private KeyStore keyStore = null; /** * Our trust manager. */ - private final TrustManager trustManager; + private TrustManager trustManager = null; /** * The provider of our {@link IOHub} @@ -111,7 +111,9 @@ public class JnlpSlaveAgentProtocol4 extends AgentProtocol { } // prepare our keyStore so we can provide our authentication - keyStore = KeyStore.getInstance(KeyStore.getDefaultType()); + if (keyStore == null && getName() == null) { + keyStore = KeyStore.getInstance(KeyStore.getDefaultType()); + } char[] password = constructPassword(); try { keyStore.load(null, password); @@ -135,14 +137,18 @@ public class JnlpSlaveAgentProtocol4 extends AgentProtocol { } // prepare our trustManagers - trustManager = new PublicKeyMatchingX509ExtendedTrustManager(false, true); + if (trustManager == null && getName() == null) { + trustManager = new PublicKeyMatchingX509ExtendedTrustManager(false, true); + } TrustManager[] trustManagers = {trustManager}; // prepare our SSLContext - try { - sslContext = SSLContext.getInstance("TLS"); - } catch (NoSuchAlgorithmException e) { - throw new IllegalStateException("Java runtime specification requires support for TLS algorithm", e); + if (sslContext == null && getName() == null) { + try { + sslContext = SSLContext.getInstance("TLS"); + } catch (NoSuchAlgorithmException e) { + throw new IllegalStateException("Java runtime specification requires support for TLS algorithm", e); + } } sslContext.init(kmf.getKeyManagers(), trustManagers, null); }
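Review bot: In the field declarations (first hunk), keyStore and trustManager lose `final` but gain neither `volatile` nor a lock, so if they are ever assigned after construction another thread can observe a stale null. Either keep them `final` or guard the lazy path with synchronization; the explicit `= null` initializers are redundant because null is already the default.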
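Review bot: In the keyStore hunk, the guard `if (keyStore == null && getName() == null)` sits at the same place the formerly final field was assigned, so nothing is deferred, and whenever the guard is false keyStore stays null while the unchanged `keyStore.load(null, password);` right below dereferences it. Suggest moving the whole keystore preparation into a helper that is invoked lazily, rather than wrapping only the assignment.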
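Review bot: In the trustManager and sslContext hunk, the two new guards leave `TrustManager[] trustManagers = {trustManager};` and `sslContext.init(kmf.getKeyManagers(), trustManagers, null);` unconditional, so a skipped guard puts a null entry in the trust manager array and then calls init on a null sslContext. Calling getName() inside the guards also inverts the proposal in this thread, where getName is what should trigger the setup; the TLS preparation should move as one unit into the lazily called path.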
There was one failure; here's the stack trace

    [ERROR] Failures:
    [ERROR] TarArchiverTest.permission:87 expected:<493> but was:<511>
    [INFO]
    [ERROR] Tests run: 20202, Failures: 1, Errors: 0, Skipped: 22
    [INFO]
    [INFO] ------------------------------------------------------------------------
    [INFO] Reactor Summary for Jenkins main module 2.381-SNAPSHOT:
    [INFO]
    [INFO] Jenkins main module ................................ SUCCESS [ 2.124 s]
    [INFO] Jenkins BOM ........................................ SUCCESS [ 0.189 s]
    [INFO] Internal SPI for WebSocket ......................... SUCCESS [ 4.224 s]
    [INFO] Jetty 9 implementation for WebSocket ............... SUCCESS [ 3.660 s]
    [INFO] Jetty 10 implementation for WebSocket .............. SUCCESS [ 3.768 s]
    [INFO] Jenkins cli ........................................ SUCCESS [ 11.699 s]
    [INFO] Jenkins core ....................................... FAILURE [06:07 min]
    [INFO] Jenkins war ........................................ SKIPPED
    [INFO] Tests for Jenkins core ............................. SKIPPED
    [INFO] Jenkins coverage ................................... SKIPPED
    [INFO] ------------------------------------------------------------------------
    [INFO] BUILD FAILURE
    [INFO] ------------------------------------------------------------------------
    [INFO] Total time: 06:34 min
    [INFO] Finished at: 2022-12-10T02:03:40+05:30
    [INFO] ------------------------------------------------------------------------
    [ERROR] Failed to execute goal org.apache.maven.plugins:maven-surefire-plugin:3.0.0-M7:test (default-test) on project jenkins-core: There are test failures.
and here's the test report
    -------------------------------------------------------------------------------
    Test set: hudson.util.io.TarArchiverTest
    -------------------------------------------------------------------------------
    Tests run: 3, Failures: 1, Errors: 0, Skipped: 0, Time elapsed: 0.222 s <<< FAILURE! - in hudson.util.io.TarArchiverTest
    hudson.util.io.TarArchiverTest.permission Time elapsed: 0.079 s <<< FAILURE!
    java.lang.AssertionError: expected:<493> but was:<511>
        at org.junit.Assert.fail(Assert.java:89)
        at org.junit.Assert.failNotEquals(Assert.java:835)
        at org.junit.Assert.assertEquals(Assert.java:647)
        at org.junit.Assert.assertEquals(Assert.java:633)
        at hudson.util.io.TarArchiverTest.permission(TarArchiverTest.java:87)
        at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
        at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.base/java.lang.reflect.Method.invoke(Method.java:568)
        at org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:59)
        at org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:12)
        at org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:56)
        at org.junit.internal.runners.statements.InvokeMethod.evaluate(InvokeMethod.java:17)
        at org.junit.rules.ExternalResource$1.evaluate(ExternalResource.java:54)
        at org.junit.runners.ParentRunner$3.evaluate(ParentRunner.java:306)
        at org.junit.runners.BlockJUnit4ClassRunner$1.evaluate(BlockJUnit4ClassRunner.java:100)
        at org.junit.runners.ParentRunner.runLeaf(ParentRunner.java:366)
        at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:103)
        at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:63)
        at org.junit.runners.ParentRunner$4.run(ParentRunner.java:331)
        at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:79)
        at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:329)
        at org.junit.runners.ParentRunner.access$100(ParentRunner.java:66)
        at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:293)
        at org.junit.runners.ParentRunner$3.evaluate(ParentRunner.java:306)
        at org.junit.runners.ParentRunner.run(ParentRunner.java:413)
        at org.junit.runner.JUnitCore.run(JUnitCore.java:137)
        at org.junit.runner.JUnitCore.run(JUnitCore.java:115)
        at org.junit.vintage.engine.execution.RunnerExecutor.execute(RunnerExecutor.java:42)
        at org.junit.vintage.engine.VintageTestEngine.executeAllChildren(VintageTestEngine.java:80)
        at org.junit.vintage.engine.VintageTestEngine.execute(VintageTestEngine.java:72)
        at org.junit.platform.launcher.core.EngineExecutionOrchestrator.execute(EngineExecutionOrchestrator.java:147)
        at org.junit.platform.launcher.core.EngineExecutionOrchestrator.execute(EngineExecutionOrchestrator.java:127)
        at org.junit.platform.launcher.core.EngineExecutionOrchestrator.execute(EngineExecutionOrchestrator.java:90)
        at org.junit.platform.launcher.core.EngineExecutionOrchestrator.lambda$execute$0(EngineExecutionOrchestrator.java:55)
        at org.junit.platform.launcher.core.EngineExecutionOrchestrator.withInterceptedStreams(EngineExecutionOrchestrator.java:102)
        at org.junit.platform.launcher.core.EngineExecutionOrchestrator.execute(EngineExecutionOrchestrator.java:54)
        at org.junit.platform.launcher.core.DefaultLauncher.execute(DefaultLauncher.java:114)
        at org.junit.platform.launcher.core.DefaultLauncher.execute(DefaultLauncher.java:86)
        at org.junit.platform.launcher.core.DefaultLauncherSession$DelegatingLauncher.execute(DefaultLauncherSession.java:86)
        at org.apache.maven.surefire.junitplatform.LazyLauncher.execute(LazyLauncher.java:55)
        at org.apache.maven.surefire.junitplatform.JUnitPlatformProvider.execute(JUnitPlatformProvider.java:223)
        at org.apache.maven.surefire.junitplatform.JUnitPlatformProvider.invokeAllTests(JUnitPlatformProvider.java:175)
        at org.apache.maven.surefire.junitplatform.JUnitPlatformProvider.invoke(JUnitPlatformProvider.java:135)
        at org.apache.maven.surefire.booter.ForkedBooter.runSuitesInProcess(ForkedBooter.java:456)
        at org.apache.maven.surefire.booter.ForkedBooter.execute(ForkedBooter.java:169)
        at org.apache.maven.surefire.booter.ForkedBooter.run(ForkedBooter.java:595)
        at org.apache.maven.surefire.booter.ForkedBooter.main(ForkedBooter.java:581)
I'm unable to understand what the expected value is and how it is calculated

    java.lang.AssertionError: expected:<493> but was:<511>

If my changes are valid, I'll be making a PR.
A failure in TarArchiverTest.permission sounds like an unrelated flake.
I have created https://github.com/jenkinsci/jenkins/pull/7512. Currently I have not removed hub from JnlpSlaveAgentProtocol4.java; if the PR passes all the checks, I'll do that too.
Hey, I would like to work on this issue as it would help me build an understanding of the Jenkins core. Where should I start to work on this?