Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-71142

JCasC redeploy randomly fails with :Invalid configuration elements for type class jenkins.model.GlobalConfigurationCategory$Security : queueItemAuthenticator.

      Sometimes when doing jenkins redeploy via ansible and JCasC I'm getting this error and broken page:

       

      io.jenkins.plugins.casc.ConfiguratorException: Invalid configuration elements for type class jenkins.model.GlobalConfigurationCategory$Security : queueItemAuthenticator.
      Available attributes : apiToken, apiTokenProperty, copyartifact, crumb, gitHooks, gitHostKeyVerificationConfiguration, globalJobDslSecurityConfiguration, sSHD, scriptApproval, updateSiteWarningsConfiguration
          at io.jenkins.plugins.casc.BaseConfigurator.handleUnknown(BaseConfigurator.java:375)
          at io.jenkins.plugins.casc.BaseConfigurator.configure(BaseConfigurator.java:364)
          at io.jenkins.plugins.casc.BaseConfigurator.check(BaseConfigurator.java:286)
          at io.jenkins.plugins.casc.ConfigurationAsCode.lambda$checkWith$8(ConfigurationAsCode.java:776)
          at io.jenkins.plugins.casc.ConfigurationAsCode.invokeWith(ConfigurationAsCode.java:712)
      Caused: io.jenkins.plugins.casc.ConfiguratorException: security: error configuring 'security' with class io.jenkins.plugins.casc.impl.configurators.GlobalConfigurationCategoryConfigurator configurator
          at io.jenkins.plugins.casc.ConfigurationAsCode.invokeWith(ConfigurationAsCode.java:718)
          at io.jenkins.plugins.casc.ConfigurationAsCode.checkWith(ConfigurationAsCode.java:776)
          at io.jenkins.plugins.casc.ConfigurationAsCode.configureWith(ConfigurationAsCode.java:761)
          at io.jenkins.plugins.casc.ConfigurationAsCode.configureWith(ConfigurationAsCode.java:637)
          at io.jenkins.plugins.casc.ConfigurationAsCode.configure(ConfigurationAsCode.java:306)
          at io.jenkins.plugins.casc.ConfigurationAsCode.init(ConfigurationAsCode.java:298)
      Caused: java.lang.reflect.InvocationTargetException
          at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
          at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
          at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
          at java.base/java.lang.reflect.Method.invoke(Unknown Source)
          at hudson.init.TaskMethodFinder.invoke(TaskMethodFinder.java:109)
      Caused: java.lang.Error
          at hudson.init.TaskMethodFinder.invoke(TaskMethodFinder.java:115)
          at hudson.init.TaskMethodFinder$TaskImpl.run(TaskMethodFinder.java:185)
          at org.jvnet.hudson.reactor.Reactor.runTask(Reactor.java:305)
          at jenkins.model.Jenkins$5.runTask(Jenkins.java:1164)
          at org.jvnet.hudson.reactor.Reactor$2.run(Reactor.java:221)
          at org.jvnet.hudson.reactor.Reactor$Node.run(Reactor.java:120)
          at jenkins.security.ImpersonatingExecutorService$1.run(ImpersonatingExecutorService.java:68)
          at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
          at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
          at java.base/java.lang.Thread.run(Unknown Source)
      Caused: org.jvnet.hudson.reactor.ReactorException
          at org.jvnet.hudson.reactor.Reactor.execute(Reactor.java:290)
          at jenkins.InitReactorRunner.run(InitReactorRunner.java:49)
          at jenkins.model.Jenkins.executeReactor(Jenkins.java:1199)
          at jenkins.model.Jenkins.<init>(Jenkins.java:987)
          at hudson.model.Hudson.<init>(Hudson.java:86)
          at hudson.model.Hudson.<init>(Hudson.java:82)
          at hudson.WebAppMain$3.run(WebAppMain.java:247)
      Caused: hudson.util.HudsonFailedToLoad
          at hudson.WebAppMain$3.run(WebAppMain.java:264) 

      my casc files looks just like:

       57 security:
       58   globaljobdslsecurityconfiguration:
       59     useScriptSecurity: true
       60   queueItemAuthenticator:
       61     authenticators:
       62     - global:
       63         strategy: triggeringUsersAuthorizationStrategy            

      I'm using jenkins 2.387.2 and version of this authorize plugin 1.5.1.

       

      I was getting this error for a long time with previous versions too.

      I will appreciate any help!

        1. log_queueItemAuthenticator.zip
          160 kB
        2. unclassified.yaml
          0.1 kB
        3. security.yaml
          0.2 kB
        4. jenkins.yaml
          0.3 kB
        5. plugins.txt
          0.5 kB
        6. run-jenkins.sh
          0.9 kB

          [JENKINS-71142] JCasC redeploy randomly fails with :Invalid configuration elements for type class jenkins.model.GlobalConfigurationCategory$Security : queueItemAuthenticator.

          Mark Waite added a comment -

          I can't duplicate the problem as described. More information is needed so that others can duplicate the problem. Steps that I took in my attempt to duplicate the problem included:

          1. Create the list of plugins that includes authorize project plugin 1.5.1, Job DSL plugin, and other plugins required by them as plugins.txt
          2. Create a shell script run-jenkins.sh that downloads Jenkins core and the specified plugins
          3. Create a directory configuration-as-code and add the files jenkins.yaml , security.yaml , and unclassified.yaml
          4. Run the shell script run-jenkins.sh and complete the setup wizard by choosing to install no additional plugins
          5. Confirm that configuration as code is enabled
          6. Reload the configuration as code definition multiple times, confirm that no failure is reported and no issue is detected
          7. Restart the Jenkins controller multiple times, confirm that no failure is reported and no issue is detected

          Please provide a detailed set of steps so that others can duplicate the problem that you're seeing.

          Mark Waite added a comment - I can't duplicate the problem as described. More information is needed so that others can duplicate the problem. Steps that I took in my attempt to duplicate the problem included: Create the list of plugins that includes authorize project plugin 1.5.1, Job DSL plugin, and other plugins required by them as plugins.txt Create a shell script run-jenkins.sh that downloads Jenkins core and the specified plugins Create a directory configuration-as-code and add the files jenkins.yaml , security.yaml , and unclassified.yaml Run the shell script run-jenkins.sh and complete the setup wizard by choosing to install no additional plugins Confirm that configuration as code is enabled Reload the configuration as code definition multiple times, confirm that no failure is reported and no issue is detected Restart the Jenkins controller multiple times, confirm that no failure is reported and no issue is detected Please provide a detailed set of steps so that others can duplicate the problem that you're seeing.

          R K added a comment -

          markewaite thank you for your fast response! I will try to setup some scripts to duplicate it and will update the issue. For now only one difference I see is I'm using dockerized jenkins 2.387.2-lts-alpine

          R K added a comment - markewaite thank you for your fast response! I will try to setup some scripts to duplicate it and will update the issue. For now only one difference I see is I'm using dockerized jenkins 2.387.2-lts-alpine

          R K added a comment -

          Hi Mark, I was trying to reproduce the issue with basic docker image + ansible deploy but no success, I can't provide our full deployment scripts. I'm afraid the issue will be some race condition. 

          if something will help you I'm using

          podman version 3.3.1

          docker image looks like:

          FROM jenkins/jenkins:2.387.2-lts-alpine
          ENV JAVA_OPTS -Djenkins.install.runSetupWizard=false -Xmx2048m -Dhudson.model.DirectoryBrowserSupport.CSP=\'sandbox allow-forms allow-scripts allow-same-origin allow-top-navigation\'
          ENV CASC_JENKINS_CONFIG /var/jenkins_home/casc_configurations/COPY --chown=jenkins:jenkins plugin-list /usr/share/jenkins/ref/plugin-list.txt
          RUN jenkins-plugin-cli --plugin-file /usr/share/jenkins/ref/plugin-list.txtUSER root
          COPY <cert1> $JAVA_HOME/lib/security
          COPY <cert2> $JAVA_HOME/lib/security
          ...
          RUN update-ca-certificatesRUN \
              cd $JAVA_HOME/lib/security \
              && keytool -keystore cacerts -storepass changeit -noprompt -trustcacerts -importcert -alias ourcert -file <cert1> \
              ...
          
          USER jenkins     

          jenkins is deployed with:

           

          - name: run jenkins
            containers.podman.podman_container:
              name: jenkins
              image: <our_repo>:12345
              state: present
              recreate: yes 
              rm: no
              privileged: true
              volumes:
                - /var/jenkins_home:/var/jenkins_home
              ports:
                  - "443:8443"
              env:
                  SECRETS_FILE: "/path/to/secrets.properties"
                  JENKINS_OPTS: >
                    --httpPort=-1 --httpsPort=8443 --httpsKeyStore=/path/to/certs/abcd.jks
                    --httpKeepAliveTimeout=120000 --httpsKeepAliveTimeout=120000
                    --httpsKeyStorePassword=<keystore pass>
                  JENKINS_TITLE: "Jenkins"
                  JENKINS_URL: <our host>
                  PLUGINS_FORCE_UPGRADE: true 

          before deploy I remove via ansible full plugins folder too.
          those are the plugins I'm using

          configuration-as-code:latest                                                                                                                                                                                                 
          git:latest
          ldap:latest
          matrix-auth:latest
          pam-auth:latest
          authorize-project:latest
          cloudbees-folder:latest
          job-dsl:latest
          blueocean:latest
          ssh-slaves:latest
          ansicolor:latest
          Parameterized-Remote-Trigger:latest
          uno-choice:latest
          build-name-setter:latest
          hashicorp-vault-plugin:latest
          mask-passwords:latest
          sshd:latest
          command-launcher:latest
          jaxb:latest
          jdk-tool:latest
          test-results-aggregator:latest
          slack:latest
          workflow-aggregator:latest
          ws-cleanup:latest
          pipeline-utility-steps:latest
          copyartifact:latest
          build-discarder:latest 

           

          what kind of log files I should collect if this issue will repeat?

          R K added a comment - Hi Mark, I was trying to reproduce the issue with basic docker image + ansible deploy but no success, I can't provide our full deployment scripts. I'm afraid the issue will be some race condition.  if something will help you I'm using podman version 3.3.1 docker image looks like: FROM jenkins/jenkins:2.387.2-lts-alpine ENV JAVA_OPTS -Djenkins.install.runSetupWizard= false -Xmx2048m -Dhudson.model.DirectoryBrowserSupport.CSP=\ 'sandbox allow-forms allow-scripts allow-same-origin allow-top-navigation\' ENV CASC_JENKINS_CONFIG / var /jenkins_home/casc_configurations/COPY --chown=jenkins:jenkins plugin-list /usr/share/jenkins/ref/plugin-list.txt RUN jenkins-plugin-cli --plugin-file /usr/share/jenkins/ref/plugin-list.txtUSER root COPY <cert1> $JAVA_HOME/lib/security COPY <cert2> $JAVA_HOME/lib/security ... RUN update-ca-certificatesRUN \     cd $JAVA_HOME/lib/security \     && keytool -keystore cacerts -storepass changeit -noprompt -trustcacerts -importcert -alias ourcert -file <cert1> \ ... USER jenkins     jenkins is deployed with:   - name: run jenkins   containers.podman.podman_container:     name: jenkins     image: <our_repo>:12345     state: present     recreate: yes      rm: no     privileged: true     volumes:       - / var /jenkins_home:/ var /jenkins_home     ports:         - "443:8443"     env:         SECRETS_FILE: "/path/to/secrets.properties"         JENKINS_OPTS: >           --httpPort=-1 --httpsPort=8443 --httpsKeyStore=/path/to/certs/abcd.jks           --httpKeepAliveTimeout=120000 --httpsKeepAliveTimeout=120000           --httpsKeyStorePassword=<keystore pass>         JENKINS_TITLE: "Jenkins"         JENKINS_URL: <our host>         PLUGINS_FORCE_UPGRADE: true before deploy I remove via ansible full plugins folder too. those are the plugins I'm using configuration-as-code:latest                                                                                                                                                                                                  git:latest ldap:latest matrix-auth:latest pam-auth:latest authorize-project:latest cloudbees-folder:latest job-dsl:latest blueocean:latest ssh-slaves:latest ansicolor:latest Parameterized-Remote-Trigger:latest uno-choice:latest build-name-setter:latest hashicorp-vault-plugin:latest mask-passwords:latest sshd:latest command-launcher:latest jaxb:latest jdk-tool:latest test-results-aggregator:latest slack:latest workflow-aggregator:latest ws-cleanup:latest pipeline-utility-steps:latest copyartifact:latest build-discarder:latest   what kind of log files I should collect if this issue will repeat?

          Mark Waite added a comment -

          I think that when the failure occurs it would be good to capture the exact versions of plugins installed, the full log from the system, and any ideas of things that might be distinct or different about that restart.

          Mark Waite added a comment - I think that when the failure occurs it would be good to capture the exact versions of plugins installed, the full log from the system, and any ideas of things that might be distinct or different about that restart.

          Pykler added a comment -

          Hi markewaite I am consistently getting this error since I started persisting the Jenkins home folder. It is nearly every reboot of the docker container unless I either wipe the jenkins home volume, or comment out that section of the casc.yaml in the container. Which logs would help debug this issue?

          Pykler added a comment - Hi markewaite I am consistently getting this error since I started persisting the Jenkins home folder. It is nearly every reboot of the docker container unless I either wipe the jenkins home volume, or comment out that section of the casc.yaml in the container. Which logs would help debug this issue?

          Mark Waite added a comment -

          pykler I don't know. When I look at my configuration as code definition, I have not stored a setting for queueItemAuthenticator and yet it appears in my configuration when I view the running configuration.

          Mark Waite added a comment - pykler I don't know. When I look at my configuration as code definition, I have not stored a setting for queueItemAuthenticator and yet it appears in my configuration when I view the running configuration.

          R K added a comment -

          Hi markewaite, was lucky and got the log from failed redeployment. Please see log_queueItemAuthenticator.zip if you can find the root cause

          R K added a comment - Hi markewaite , was lucky and got the log from failed redeployment. Please see log_queueItemAuthenticator.zip if you can find the root cause

          Alan Sparks added a comment - - edited

          This happens to me too anymore, now on 2.414.2.

          2023-10-06 19:13:57.155+0000 [id=29] SEVERE jenkins.InitReactorRunner$1#onTaskFailed: Failed ConfigurationAsCode.init
          io.jenkins.plugins.casc.ConfiguratorException: Invalid configuration elements for type class jenkins.model.GlobalConfigurationCategory$Security : queueItemAuthenticator.
          Available attributes : apiToken, apiTokenProperty, copyartifact, crumb, gitHooks, gitHostKeyVerificationConfiguration, globalJobDslSecurityConfiguration, sSHD, scriptApproval, updateSiteWarningsConfiguration
          at io.jenkins.plugins.casc.BaseConfigurator.handleUnknown(BaseConfigurator.java:387)
          at io.jenkins.plugins.casc.BaseConfigurator.configure(BaseConfigurator.java:374)
          at io.jenkins.plugins.casc.BaseConfigurator.check(BaseConfigurator.java:293)
          at io.jenkins.plugins.casc.ConfigurationAsCode.lambda$checkWith$9(ConfigurationAsCode.java:803)
          at io.jenkins.plugins.casc.ConfigurationAsCode.invokeWith(ConfigurationAsCode.java:737)
          Caused: io.jenkins.plugins.casc.ConfiguratorException: security: error configuring 'security' with class io.jenkins.plugins.casc.impl.configurators.GlobalConfigurationCategoryConfigurator configurator
          at io.jenkins.plugins.casc.ConfigurationAsCode.invokeWith(ConfigurationAsCode.java:743)

          BUT, I've also seen when my instance starts, a VERY long traceback starting like below. I have no idea what's happening here. It is pretty random and when it happens, my autoscaling deletes the instance and starts a new one. The next one may just work.

          2023-10-06 19:13:37.848+0000 [id=31] INFO jenkins.InitReactorRunner$1#onAttained: Started all plugins
          2023-10-06 19:13:40.472+0000 [id=14] WARNING hudson.model.Descriptor#load: Failed to load /var/lib/jenkins/jenkins.security.QueueItemAuthenticatorConfiguration.xml
          com.thoughtworks.xstream.security.InputManipulationException: Possible Dneial of Service attack by Stack Overflow
          at com.thoughtworks.xstream.XStream.unmarshal(XStream.java:1466)
          at hudson.util.XStream2.unmarshal(XStream2.java:230)
          at hudson.util.XStream2.unmarshal(XStream2.java:201)
          at com.thoughtworks.xstream.XStream.unmarshal(XStream.java:1441)
          at hudson.XmlFile.unmarshal(XmlFile.java:196)
          at hudson.XmlFile.unmarshal(XmlFile.java:179)
          at hudson.model.Descriptor.load(Descriptor.java:933)
          at jdk.internal.reflect.GeneratedMethodAccessor12.invoke(Unknown Source)
          at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
          at java.base/java.lang.reflect.Method.invoke(Method.java:566)

          Alan Sparks added a comment - - edited This happens to me too anymore, now on 2.414.2. 2023-10-06 19:13:57.155+0000 [id=29] SEVERE jenkins.InitReactorRunner$1#onTaskFailed: Failed ConfigurationAsCode.init io.jenkins.plugins.casc.ConfiguratorException: Invalid configuration elements for type class jenkins.model.GlobalConfigurationCategory$Security : queueItemAuthenticator. Available attributes : apiToken, apiTokenProperty, copyartifact, crumb, gitHooks, gitHostKeyVerificationConfiguration, globalJobDslSecurityConfiguration, sSHD, scriptApproval, updateSiteWarningsConfiguration at io.jenkins.plugins.casc.BaseConfigurator.handleUnknown(BaseConfigurator.java:387) at io.jenkins.plugins.casc.BaseConfigurator.configure(BaseConfigurator.java:374) at io.jenkins.plugins.casc.BaseConfigurator.check(BaseConfigurator.java:293) at io.jenkins.plugins.casc.ConfigurationAsCode.lambda$checkWith$9(ConfigurationAsCode.java:803) at io.jenkins.plugins.casc.ConfigurationAsCode.invokeWith(ConfigurationAsCode.java:737) Caused: io.jenkins.plugins.casc.ConfiguratorException: security: error configuring 'security' with class io.jenkins.plugins.casc.impl.configurators.GlobalConfigurationCategoryConfigurator configurator at io.jenkins.plugins.casc.ConfigurationAsCode.invokeWith(ConfigurationAsCode.java:743) BUT, I've also seen when my instance starts, a VERY long traceback starting like below. I have no idea what's happening here. It is pretty random and when it happens, my autoscaling deletes the instance and starts a new one. The next one may just work. 2023-10-06 19:13:37.848+0000 [id=31] INFO jenkins.InitReactorRunner$1#onAttained: Started all plugins 2023-10-06 19:13:40.472+0000 [id=14] WARNING hudson.model.Descriptor#load: Failed to load /var/lib/jenkins/jenkins.security.QueueItemAuthenticatorConfiguration.xml com.thoughtworks.xstream.security.InputManipulationException: Possible Dneial of Service attack by Stack Overflow at com.thoughtworks.xstream.XStream.unmarshal(XStream.java:1466) at hudson.util.XStream2.unmarshal(XStream2.java:230) at hudson.util.XStream2.unmarshal(XStream2.java:201) at com.thoughtworks.xstream.XStream.unmarshal(XStream.java:1441) at hudson.XmlFile.unmarshal(XmlFile.java:196) at hudson.XmlFile.unmarshal(XmlFile.java:179) at hudson.model.Descriptor.load(Descriptor.java:933) at jdk.internal.reflect.GeneratedMethodAccessor12.invoke(Unknown Source) at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.base/java.lang.reflect.Method.invoke(Method.java:566)

          Yi Gong added a comment - - edited

          This most probably happens in a container environment because usually health check is configured by executing http request.

          I can reproduce the issue that

          1. Config a QueueItemAuthenticatorConfiguration and let Jenkins serialize the XML. I use "
            org.jenkinsci.plugins.authorizeproject.strategy.SpecificUsersAuthorizationStrategy"
          2. Restart Jenkins and continuously call Jenkins http URL, no matter whether it's successful or not. I use the "/login" URL.
          3. It's very easy to trigger XStream unmarshal recursively in the below path   
              ... recursively =>
              at hudson.ExtensionList.ensureLoaded(ExtensionList.java:320)
              at hudson.ExtensionList.iterator(ExtensionList.java:172)
              at hudson.ExtensionList.getInstance(ExtensionList.java:162)
              at jenkins.security.QueueItemAuthenticatorConfiguration.get(QueueItemAuthenticatorConfiguration.java:60)
              at org.jenkinsci.plugins.authorizeproject.ProjectQueueItemAuthenticator.getConfigured(ProjectQueueItemAuthenticator.java:212)
              at org.jenkinsci.plugins.authorizeproject.ProjectQueueItemAuthenticator.isConfigured(ProjectQueueItemAuthenticator.java:224)
              at org.jenkinsci.plugins.authorizeproject.AuthorizeProjectStrategy.checkUnsecuredConfiguration(AuthorizeProjectStrategy.java:177)
              at org.jenkinsci.plugins.authorizeproject.AuthorizeProjectStrategy.readResolve(AuthorizeProjectStrategy.java:167)
              at org.jenkinsci.plugins.authorizeproject.strategy.SpecificUsersAuthorizationStrategy.readResolve(SpecificUsersAuthorizationStrategy.java:250) 

          I think the problem is at

          AuthorizeProjectStrategy.checkUnsecuredConfiguration because the authentication is "anonymous" but it's still at ini loading process.

           

          Authentication authentication = Jenkins.getAuthentication();
          if (authentication == ACL.SYSTEM) {
              // It is considered to initial loading or reloading.
              return;
          }
          if (!ProjectQueueItemAuthenticator.isConfigured()) {
              return;
          } 

           

          webminster  roboo 

          Please check if there's a health check in your container. If possible delay the check start and let Jenkins have enough time to load plugins.

          markewaite 

          I'd like to contribute a fix, however, I'm not familiar with this plugin. Do you have any idea where I can start?

           

          Yi Gong added a comment - - edited This most probably happens in a container environment because usually health check is configured by executing http request. I can reproduce the issue that Config a QueueItemAuthenticatorConfiguration and let Jenkins serialize the XML. I use " org.jenkinsci.plugins.authorizeproject.strategy.SpecificUsersAuthorizationStrategy" Restart Jenkins and continuously call Jenkins http URL, no matter whether it's successful or not. I use the "/login" URL. It's very easy to trigger XStream unmarshal recursively in the below path        ... recursively => at hudson.ExtensionList.ensureLoaded(ExtensionList.java:320)     at hudson.ExtensionList.iterator(ExtensionList.java:172)     at hudson.ExtensionList.getInstance(ExtensionList.java:162)     at jenkins.security.QueueItemAuthenticatorConfiguration.get(QueueItemAuthenticatorConfiguration.java:60)     at org.jenkinsci.plugins.authorizeproject.ProjectQueueItemAuthenticator.getConfigured(ProjectQueueItemAuthenticator.java:212)     at org.jenkinsci.plugins.authorizeproject.ProjectQueueItemAuthenticator.isConfigured(ProjectQueueItemAuthenticator.java:224)     at org.jenkinsci.plugins.authorizeproject.AuthorizeProjectStrategy.checkUnsecuredConfiguration(AuthorizeProjectStrategy.java:177)     at org.jenkinsci.plugins.authorizeproject.AuthorizeProjectStrategy.readResolve(AuthorizeProjectStrategy.java:167)     at org.jenkinsci.plugins.authorizeproject.strategy.SpecificUsersAuthorizationStrategy.readResolve(SpecificUsersAuthorizationStrategy.java:250) I think the problem is at AuthorizeProjectStrategy.checkUnsecuredConfiguration because the authentication is "anonymous" but it's still at ini loading process.   Authentication authentication = Jenkins.getAuthentication(); if (authentication == ACL.SYSTEM) { // It is considered to initial loading or reloading. return ; } if (!ProjectQueueItemAuthenticator.isConfigured()) { return ; }   webminster   roboo   Please check if there's a health check in your container. If possible delay the check start and let Jenkins have enough time to load plugins. markewaite   I'd like to contribute a fix, however, I'm not familiar with this plugin. Do you have any idea where I can start?  

          Alan Sparks added a comment - - edited

          In my case this is running as an Ubuntu VM on AWS EC2, not containerized. I will note that /var/lib/jenkins is on an EFS share so I can do master replacement is needed. This issue happens more often than not... I replaced the instance this morning, and it failed to initialize twice before catching on the third restart try.

          the only reliable way I have to bypass the issue is to delete the /var/lib/jenkins/jenkins.security.QueueItemAuthenticatorConfiguration.xml file. But I'm not sure that that workaround doesn't cause some number of other problems. (e.g., https://docs.cloudbees.com/docs/cloudbees-ci-kb/latest/client-and-managed-controllers/stackoverflowerror-on-boot-from-queueitemauthenticatorconfiguration)

          Alan Sparks added a comment - - edited In my case this is running as an Ubuntu VM on AWS EC2, not containerized. I will note that /var/lib/jenkins is on an EFS share so I can do master replacement is needed. This issue happens more often than not... I replaced the instance this morning, and it failed to initialize twice before catching on the third restart try. the only reliable way I have to bypass the issue is to delete the /var/lib/jenkins/jenkins.security.QueueItemAuthenticatorConfiguration.xml file. But I'm not sure that that workaround doesn't cause some number of other problems. (e.g., https://docs.cloudbees.com/docs/cloudbees-ci-kb/latest/client-and-managed-controllers/stackoverflowerror-on-boot-from-queueitemauthenticatorconfiguration )

          Alan Sparks added a comment -

          Only way I can work around this issue is to uninstall authorize-project. Config changes etc. don't help.
          One way that does temporarily help io to remove the XML file as above, but the problem recurs on the next restart.
          I created also a new ticket for the authorize plugin: https://issues.jenkins.io/browse/JENKINS-72190
          Attached to that is a very long stack trace, including exceptions like:

          com.thoughtworks.xstream.security.InputManipulationException: Possible Dneial of Service attack by Stack Overflow

          2023-10-16 17:11:27.054+0000 [id=18] WARNING h.ExtensionFinder$GuiceFinder$FaultTolerantScope$1#error: Failed to instantiate Key[type=jenkins.security.QueueItemAuthenticatorConfiguration, annotation=[none]]; skipping this component
          java.lang.IllegalStateException: Singleton is called recursively returning different results

          Alan Sparks added a comment - Only way I can work around this issue is to uninstall authorize-project. Config changes etc. don't help. One way that does temporarily help io to remove the XML file as above, but the problem recurs on the next restart. I created also a new ticket for the authorize plugin: https://issues.jenkins.io/browse/JENKINS-72190 Attached to that is a very long stack trace, including exceptions like: com.thoughtworks.xstream.security.InputManipulationException: Possible Dneial of Service attack by Stack Overflow 2023-10-16 17:11:27.054+0000 [id=18] WARNING h.ExtensionFinder$GuiceFinder$FaultTolerantScope$1#error: Failed to instantiate Key[type=jenkins.security.QueueItemAuthenticatorConfiguration, annotation= [none] ]; skipping this component java.lang.IllegalStateException: Singleton is called recursively returning different results

          My two cents with these stackTraces :

           

          2023-11-07 18:51:27.598+0000 [id=59]    WARNING h.p.s.client.SQProjectResolver#resolve: Error fetching project information
          java.lang.IllegalStateException: The class jenkins.security.QueueItemAuthenticatorConfiguration was not found, potentially not yet loaded
                  at hudson.ExtensionList.getInstance(ExtensionList.java:166)
                  at jenkins.security.QueueItemAuthenticatorConfiguration.get(QueueItemAuthenticatorConfiguration.java:60)
                  at jenkins.security.QueueItemAuthenticatorConfiguration$ProviderImpl.getAuthenticators(QueueItemAuthenticatorConfiguration.java:69)
                  at jenkins.security.QueueItemAuthenticatorProvider$IteratorImpl.hasNext(QueueItemAuthenticatorProvider.java:43)
                  at hudson.model.queue.Tasks.getAuthenticationOf2(Tasks.java:106)
                  at hudson.model.queue.Tasks.getAuthenticationOf(Tasks.java:121)
                  at com.cloudbees.plugins.credentials.CredentialsProvider.getDefaultAuthenticationOf(CredentialsProvider.java:831)
                  at com.cloudbees.plugins.credentials.CredentialsProvider.findCredentialById(CredentialsProvider.java:909)
                  at com.cloudbees.plugins.credentials.CredentialsProvider.findCredentialById(CredentialsProvider.java:856)
                  at hudson.plugins.sonar.SonarInstallation.getCredentials(SonarInstallation.java:190)
                  at hudson.plugins.sonar.SonarInstallation.getServerAuthenticationToken(SonarInstallation.java:181)
                  at hudson.plugins.sonar.client.SQProjectResolver.resolve(SQProjectResolver.java:62)
                  at hudson.plugins.sonar.action.SonarCacheAction.get(SonarCacheAction.java:76)
                  at hudson.plugins.sonar.action.SonarCacheAction.get(SonarCacheAction.java:52)
                  at hudson.plugins.sonar.action.SonarProjectActionFactory.createProjectPage(SonarProjectActionFactory.java:118)
                  at hudson.plugins.sonar.action.SonarProjectActionFactory.createFor(SonarProjectActionFactory.java:84)
                  at hudson.plugins.sonar.action.SonarProjectActionFactory.createFor(SonarProjectActionFactory.java:43)
                  at hudson.model.Actionable.createFor(Actionable.java:115)
                  at hudson.model.Actionable.getAction(Actionable.java:332)
                  at io.jenkins.blueocean.preload.FavoriteListStatePreloader.lambda$getStateJson$0(FavoriteListStatePreloader.java:52)
                  at java.base/java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:195)
                  at java.base/java.util.Iterator.forEachRemaining(Iterator.java:133)
                  at java.base/java.util.Spliterators$IteratorSpliterator.forEachRemaining(Spliterators.java:1801)
                  at java.base/java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:484)
                  at java.base/java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:474)
                  at java.base/java.util.stream.ReduceOps$ReduceOp.evaluateSequential(ReduceOps.java:913)
                  at java.base/java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234)
                  at java.base/java.util.stream.ReferencePipeline.collect(ReferencePipeline.java:578)
                  at io.jenkins.blueocean.preload.FavoriteListStatePreloader.getStateJson(FavoriteListStatePreloader.java:57)
                  at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
                  at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
                  at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
                  at java.base/java.lang.reflect.Method.invoke(Method.java:566)
                  at org.apache.commons.jexl.util.PropertyExecutor.execute(PropertyExecutor.java:125)
                  at org.apache.commons.jexl.util.introspection.UberspectImpl$VelGetterImpl.invoke(UberspectImpl.java:314)
                  at org.apache.commons.jexl.parser.ASTArrayAccess.evaluateExpr(ASTArrayAccess.java:185)
                  at org.apache.commons.jexl.parser.ASTIdentifier.execute(ASTIdentifier.java:75)
                  at org.apache.commons.jexl.parser.ASTReference.execute(ASTReference.java:83)
                  at org.apache.commons.jexl.parser.ASTReference.value(ASTReference.java:57)
                  at org.apache.commons.jexl.parser.ASTReferenceExpression.value(ASTReferenceExpression.java:51)
                  at org.apache.commons.jexl.ExpressionImpl.evaluate(ExpressionImpl.java:80)
                  at hudson.ExpressionFactory2$JexlExpression.evaluate(ExpressionFactory2.java:76)
                  at org.apache.commons.jelly.tags.core.CoreTagLibrary$3.run(CoreTagLibrary.java:134)
                  at org.apache.commons.jelly.impl.ScriptBlock.run(ScriptBlock.java:95)
                  at org.apache.commons.jelly.TagSupport.invokeBody(TagSupport.java:161)
                  at org.apache.commons.jelly.tags.core.ForEachTag.doTag(ForEachTag.java:150)
                  at org.apache.commons.jelly.impl.TagScript.run(TagScript.java:265)
                  at org.apache.commons.jelly.impl.ScriptBlock.run(ScriptBlock.java:95)
                  at org.kohsuke.stapler.jelly.ReallyStaticTagLibrary$1.run(ReallyStaticTagLibrary.java:101)
                  at org.apache.commons.jelly.tags.core.CoreTagLibrary$2.run(CoreTagLibrary.java:105)
                  at org.kohsuke.stapler.jelly.JellyViewScript.run(JellyViewScript.java:99)
                  at org.kohsuke.stapler.jelly.IncludeTag.doTag(IncludeTag.java:172)
                  at org.apache.commons.jelly.impl.TagScript.run(TagScript.java:265)
                  at org.apache.commons.jelly.TagSupport.invokeBody(TagSupport.java:161)
                  at org.apache.commons.jelly.tags.core.ForEachTag.doTag(ForEachTag.java:150)
                  at org.apache.commons.jelly.impl.TagScript.run(TagScript.java:265)
                  at org.apache.commons.jelly.impl.ScriptBlock.run(ScriptBlock.java:95)
                  at org.kohsuke.stapler.jelly.ReallyStaticTagLibrary$1.run(ReallyStaticTagLibrary.java:101)
                  at org.apache.commons.jelly.impl.ScriptBlock.run(ScriptBlock.java:95)
                  at org.kohsuke.stapler.jelly.ReallyStaticTagLibrary$1.run(ReallyStaticTagLibrary.java:101)
                  at org.apache.commons.jelly.impl.ScriptBlock.run(ScriptBlock.java:95)
                  at org.apache.commons.jelly.tags.core.CoreTagLibrary$2.run(CoreTagLibrary.java:105)
                  at org.kohsuke.stapler.jelly.JellyViewScript.run(JellyViewScript.java:99)
                  at org.kohsuke.stapler.jelly.DefaultScriptInvoker.invokeScript(DefaultScriptInvoker.java:66)
                  at org.kohsuke.stapler.jelly.DefaultScriptInvoker.invokeScript(DefaultScriptInvoker.java:55)
                  at org.kohsuke.stapler.jelly.ScriptInvoker.execute(ScriptInvoker.java:56)
                  at org.kohsuke.stapler.jelly.ScriptInvoker.execute(ScriptInvoker.java:43)
                  at org.kohsuke.stapler.Facet.handleIndexRequest(Facet.java:284)
                  at org.kohsuke.stapler.jelly.JellyFacet.handleIndexRequest(JellyFacet.java:104)
                  at org.kohsuke.stapler.IndexViewDispatcher.dispatch(IndexViewDispatcher.java:32)
                  at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:770)
                  at org.kohsuke.stapler.Stapler.invoke(Stapler.java:900)
                  at org.kohsuke.stapler.MetaClass$9.dispatch(MetaClass.java:475)
                  at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:770)
                  at org.kohsuke.stapler.Stapler.invoke(Stapler.java:900)
                  at org.kohsuke.stapler.MetaClass$9.dispatch(MetaClass.java:475)
                  at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:770)
                  at org.kohsuke.stapler.Stapler.invoke(Stapler.java:900)
                  at org.kohsuke.stapler.MetaClass$9.dispatch(MetaClass.java:475)
                  at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:770)
                  at org.kohsuke.stapler.Stapler.invoke(Stapler.java:900)
                  at org.kohsuke.stapler.MetaClass$9.dispatch(MetaClass.java:475)
                  at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:770)
                  at org.kohsuke.stapler.Stapler.invoke(Stapler.java:900)
                  at org.kohsuke.stapler.MetaClass$9.dispatch(MetaClass.java:475)
                  at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:770)
                  at org.kohsuke.stapler.Stapler.invoke(Stapler.java:900)
                  at org.kohsuke.stapler.MetaClass$9.dispatch(MetaClass.java:475)
                  at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:770)
                  at org.kohsuke.stapler.Stapler.invoke(Stapler.java:900)
                  at org.kohsuke.stapler.MetaClass$9.dispatch(MetaClass.java:475)
                  at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:770)
                  at org.kohsuke.stapler.Stapler.invoke(Stapler.java:900)
                  at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:739)
                  at org.kohsuke.stapler.Stapler.invoke(Stapler.java:900)
                  at org.kohsuke.stapler.MetaClass$9.dispatch(MetaClass.java:475)
                  at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:770)
                  at org.kohsuke.stapler.Stapler.invoke(Stapler.java:900)
                  at org.kohsuke.stapler.Stapler.invoke(Stapler.java:698)
                  at org.kohsuke.stapler.Stapler.service(Stapler.java:248)
                  at javax.servlet.http.HttpServlet.service(HttpServlet.java:590)
                  at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:764)
                  at org.eclipse.jetty.servlet.ServletHandler$ChainEnd.doFilter(ServletHandler.java:1665)
                  at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:163)
                  at org.jenkinsci.plugins.ssegateway.Endpoint$SSEListenChannelFilter.doFilter(Endpoint.java:248)
                  at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:160)
                  at hudson.plugins.audit_trail.AuditTrailFilter.doFilter(AuditTrailFilter.java:112)
                  at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:160)
                  at io.jenkins.blueocean.ResourceCacheControl.doFilter(ResourceCacheControl.java:134)
                  at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:160)
                  at io.jenkins.blueocean.auth.jwt.impl.JwtAuthenticationFilter.doFilter(JwtAuthenticationFilter.java:60)
                  at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:160)
                  at jenkins.metrics.impl.MetricsFilter.doFilter(MetricsFilter.java:125)
                  at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:160)
                  at jenkins.util.HttpServletFilter$1.doFilter(HttpServletFilter.java:76)
                  at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:160)
                  at hudson.util.PluginServletFilter.doFilter(PluginServletFilter.java:166)
                  at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:202)
                  at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1635)
                  at jenkins.security.SuspiciousRequestFilter.doFilter(SuspiciousRequestFilter.java:38)
                  at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:202)
                  at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1635)
                  at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:527)
                  at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:131)
                  at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:549)
                  at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:122)
                  at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:223)
                  at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1570)
                  at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:221)
                  at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1384)
                  at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:176)
                  at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:484)
                  at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1543)
                  at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:174)
                  at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1306)
                  at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:129)
                  at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:122)
                  at org.eclipse.jetty.server.Server.handle(Server.java:563)
                  at org.eclipse.jetty.server.HttpChannel.lambda$handle$0(HttpChannel.java:505)
                  at org.eclipse.jetty.server.HttpChannel.dispatch(HttpChannel.java:762)
                  at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:497)
                  at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:282)
                  at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:314)
                  at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:100)
                  at org.eclipse.jetty.io.SelectableChannelEndPoint$1.run(SelectableChannelEndPoint.java:53)
                  at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.runTask(AdaptiveExecutionStrategy.java:416)
                  at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.consumeTask(AdaptiveExecutionStrategy.java:385)
                  at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.tryProduce(AdaptiveExecutionStrategy.java:272)
                  at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.lambda$new$0(AdaptiveExecutionStrategy.java:140)
                  at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:411)
                  at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:969)
                  at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.doRunJob(QueuedThreadPool.java:1194)
                  at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:1149)
                  at java.base/java.lang.Thread.run(Thread.java:829)
          
          
          io.jenkins.plugins.casc.ConfiguratorException: Invalid configuration elements for type class jenkins.model.GlobalConfigurationCategory$Security : queueItemAuthenticator.
          Available attributes : apiToken, apiTokenProperty, crumb, gitHooks, gitHostKeyVerificationConfiguration, sSHD, scriptApproval, updateSiteWarningsConfiguration
              at io.jenkins.plugins.casc.BaseConfigurator.handleUnknown(BaseConfigurator.java:387)
              at io.jenkins.plugins.casc.BaseConfigurator.configure(BaseConfigurator.java:374)
              at io.jenkins.plugins.casc.BaseConfigurator.check(BaseConfigurator.java:293)
              at io.jenkins.plugins.casc.ConfigurationAsCode.lambda$checkWith$9(ConfigurationAsCode.java:803)
              at io.jenkins.plugins.casc.ConfigurationAsCode.invokeWith(ConfigurationAsCode.java:737)
          Caused: io.jenkins.plugins.casc.ConfiguratorException: security: error configuring 'security' with class io.jenkins.plugins.casc.impl.configurators.GlobalConfigurationCategoryConfigurator configurator
              at io.jenkins.plugins.casc.ConfigurationAsCode.invokeWith(ConfigurationAsCode.java:743)
              at io.jenkins.plugins.casc.ConfigurationAsCode.checkWith(ConfigurationAsCode.java:803)
              at io.jenkins.plugins.casc.ConfigurationAsCode.configureWith(ConfigurationAsCode.java:789)
              at io.jenkins.plugins.casc.ConfigurationAsCode.configureWith(ConfigurationAsCode.java:658)
              at io.jenkins.plugins.casc.ConfigurationAsCode.configure(ConfigurationAsCode.java:315)
              at io.jenkins.plugins.casc.ConfigurationAsCode.init(ConfigurationAsCode.java:307)
          Caused: java.lang.reflect.InvocationTargetException
              at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
              at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
              at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
              at java.base/java.lang.reflect.Method.invoke(Method.java:566)
              at hudson.init.TaskMethodFinder.invoke(TaskMethodFinder.java:109)
          Caused: java.lang.Error
              at hudson.init.TaskMethodFinder.invoke(TaskMethodFinder.java:115)
              at hudson.init.TaskMethodFinder$TaskImpl.run(TaskMethodFinder.java:185)
              at org.jvnet.hudson.reactor.Reactor.runTask(Reactor.java:305)
              at jenkins.model.Jenkins$5.runTask(Jenkins.java:1166)
              at org.jvnet.hudson.reactor.Reactor$2.run(Reactor.java:221)
              at org.jvnet.hudson.reactor.Reactor$Node.run(Reactor.java:120)
              at jenkins.security.ImpersonatingExecutorService$1.run(ImpersonatingExecutorService.java:68)
              at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
              at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
              at java.base/java.lang.Thread.run(Thread.java:829)
          Caused: org.jvnet.hudson.reactor.ReactorException
              at org.jvnet.hudson.reactor.Reactor.execute(Reactor.java:290)
              at jenkins.InitReactorRunner.run(InitReactorRunner.java:49)
              at jenkins.model.Jenkins.executeReactor(Jenkins.java:1201)
              at jenkins.model.Jenkins.<init>(Jenkins.java:989)
              at hudson.model.Hudson.<init>(Hudson.java:86)
              at hudson.model.Hudson.<init>(Hudson.java:82)
              at hudson.WebAppMain$3.run(WebAppMain.java:247)
          Caused: hudson.util.HudsonFailedToLoad
              at hudson.WebAppMain$3.run(WebAppMain.java:264) 

           

          Cyril Pottiers added a comment - My two cents with these stackTraces :   2023-11-07 18:51:27.598+0000 [id=59]    WARNING h.p.s.client.SQProjectResolver#resolve: Error fetching project information java.lang.IllegalStateException: The class jenkins.security.QueueItemAuthenticatorConfiguration was not found, potentially not yet loaded         at hudson.ExtensionList.getInstance(ExtensionList.java:166)         at jenkins.security.QueueItemAuthenticatorConfiguration.get(QueueItemAuthenticatorConfiguration.java:60)         at jenkins.security.QueueItemAuthenticatorConfiguration$ProviderImpl.getAuthenticators(QueueItemAuthenticatorConfiguration.java:69)         at jenkins.security.QueueItemAuthenticatorProvider$IteratorImpl.hasNext(QueueItemAuthenticatorProvider.java:43)         at hudson.model.queue.Tasks.getAuthenticationOf2(Tasks.java:106)         at hudson.model.queue.Tasks.getAuthenticationOf(Tasks.java:121)         at com.cloudbees.plugins.credentials.CredentialsProvider.getDefaultAuthenticationOf(CredentialsProvider.java:831)         at com.cloudbees.plugins.credentials.CredentialsProvider.findCredentialById(CredentialsProvider.java:909)         at com.cloudbees.plugins.credentials.CredentialsProvider.findCredentialById(CredentialsProvider.java:856)         at hudson.plugins.sonar.SonarInstallation.getCredentials(SonarInstallation.java:190)         at hudson.plugins.sonar.SonarInstallation.getServerAuthenticationToken(SonarInstallation.java:181)         at hudson.plugins.sonar.client.SQProjectResolver.resolve(SQProjectResolver.java:62)         at hudson.plugins.sonar.action.SonarCacheAction.get(SonarCacheAction.java:76)         at hudson.plugins.sonar.action.SonarCacheAction.get(SonarCacheAction.java:52)         at hudson.plugins.sonar.action.SonarProjectActionFactory.createProjectPage(SonarProjectActionFactory.java:118)         at hudson.plugins.sonar.action.SonarProjectActionFactory.createFor(SonarProjectActionFactory.java:84)         at hudson.plugins.sonar.action.SonarProjectActionFactory.createFor(SonarProjectActionFactory.java:43)         at hudson.model.Actionable.createFor(Actionable.java:115)         at hudson.model.Actionable.getAction(Actionable.java:332)         at io.jenkins.blueocean.preload.FavoriteListStatePreloader.lambda$getStateJson$0(FavoriteListStatePreloader.java:52)         at java.base/java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:195)         at java.base/java.util.Iterator.forEachRemaining(Iterator.java:133)         at java.base/java.util.Spliterators$IteratorSpliterator.forEachRemaining(Spliterators.java:1801)         at java.base/java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:484)         at java.base/java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:474)         at java.base/java.util.stream.ReduceOps$ReduceOp.evaluateSequential(ReduceOps.java:913)         at java.base/java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234)         at java.base/java.util.stream.ReferencePipeline.collect(ReferencePipeline.java:578)         at io.jenkins.blueocean.preload.FavoriteListStatePreloader.getStateJson(FavoriteListStatePreloader.java:57)         at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)         at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)         at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)         at java.base/java.lang.reflect.Method.invoke(Method.java:566)         at org.apache.commons.jexl.util.PropertyExecutor.execute(PropertyExecutor.java:125)         at org.apache.commons.jexl.util.introspection.UberspectImpl$VelGetterImpl.invoke(UberspectImpl.java:314)         at org.apache.commons.jexl.parser.ASTArrayAccess.evaluateExpr(ASTArrayAccess.java:185)         at org.apache.commons.jexl.parser.ASTIdentifier.execute(ASTIdentifier.java:75)         at org.apache.commons.jexl.parser.ASTReference.execute(ASTReference.java:83)         at org.apache.commons.jexl.parser.ASTReference.value(ASTReference.java:57)         at org.apache.commons.jexl.parser.ASTReferenceExpression.value(ASTReferenceExpression.java:51)         at org.apache.commons.jexl.ExpressionImpl.evaluate(ExpressionImpl.java:80)         at hudson.ExpressionFactory2$JexlExpression.evaluate(ExpressionFactory2.java:76)         at org.apache.commons.jelly.tags.core.CoreTagLibrary$3.run(CoreTagLibrary.java:134)         at org.apache.commons.jelly.impl.ScriptBlock.run(ScriptBlock.java:95)         at org.apache.commons.jelly.TagSupport.invokeBody(TagSupport.java:161)         at org.apache.commons.jelly.tags.core.ForEachTag.doTag(ForEachTag.java:150)         at org.apache.commons.jelly.impl.TagScript.run(TagScript.java:265)         at org.apache.commons.jelly.impl.ScriptBlock.run(ScriptBlock.java:95)         at org.kohsuke.stapler.jelly.ReallyStaticTagLibrary$1.run(ReallyStaticTagLibrary.java:101)         at org.apache.commons.jelly.tags.core.CoreTagLibrary$2.run(CoreTagLibrary.java:105)         at org.kohsuke.stapler.jelly.JellyViewScript.run(JellyViewScript.java:99)         at org.kohsuke.stapler.jelly.IncludeTag.doTag(IncludeTag.java:172)         at org.apache.commons.jelly.impl.TagScript.run(TagScript.java:265)         at org.apache.commons.jelly.TagSupport.invokeBody(TagSupport.java:161)         at org.apache.commons.jelly.tags.core.ForEachTag.doTag(ForEachTag.java:150)         at org.apache.commons.jelly.impl.TagScript.run(TagScript.java:265)         at org.apache.commons.jelly.impl.ScriptBlock.run(ScriptBlock.java:95)         at org.kohsuke.stapler.jelly.ReallyStaticTagLibrary$1.run(ReallyStaticTagLibrary.java:101)         at org.apache.commons.jelly.impl.ScriptBlock.run(ScriptBlock.java:95)         at org.kohsuke.stapler.jelly.ReallyStaticTagLibrary$1.run(ReallyStaticTagLibrary.java:101)         at org.apache.commons.jelly.impl.ScriptBlock.run(ScriptBlock.java:95)         at org.apache.commons.jelly.tags.core.CoreTagLibrary$2.run(CoreTagLibrary.java:105)         at org.kohsuke.stapler.jelly.JellyViewScript.run(JellyViewScript.java:99)         at org.kohsuke.stapler.jelly.DefaultScriptInvoker.invokeScript(DefaultScriptInvoker.java:66)         at org.kohsuke.stapler.jelly.DefaultScriptInvoker.invokeScript(DefaultScriptInvoker.java:55)         at org.kohsuke.stapler.jelly.ScriptInvoker.execute(ScriptInvoker.java:56)         at org.kohsuke.stapler.jelly.ScriptInvoker.execute(ScriptInvoker.java:43)         at org.kohsuke.stapler.Facet.handleIndexRequest(Facet.java:284)         at org.kohsuke.stapler.jelly.JellyFacet.handleIndexRequest(JellyFacet.java:104)         at org.kohsuke.stapler.IndexViewDispatcher.dispatch(IndexViewDispatcher.java:32)         at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:770)         at org.kohsuke.stapler.Stapler.invoke(Stapler.java:900)         at org.kohsuke.stapler.MetaClass$9.dispatch(MetaClass.java:475)         at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:770)         at org.kohsuke.stapler.Stapler.invoke(Stapler.java:900)         at org.kohsuke.stapler.MetaClass$9.dispatch(MetaClass.java:475)         at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:770)         at org.kohsuke.stapler.Stapler.invoke(Stapler.java:900)         at org.kohsuke.stapler.MetaClass$9.dispatch(MetaClass.java:475)         at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:770)         at org.kohsuke.stapler.Stapler.invoke(Stapler.java:900)         at org.kohsuke.stapler.MetaClass$9.dispatch(MetaClass.java:475)         at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:770)         at org.kohsuke.stapler.Stapler.invoke(Stapler.java:900)         at org.kohsuke.stapler.MetaClass$9.dispatch(MetaClass.java:475)         at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:770)         at org.kohsuke.stapler.Stapler.invoke(Stapler.java:900)         at org.kohsuke.stapler.MetaClass$9.dispatch(MetaClass.java:475)         at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:770)         at org.kohsuke.stapler.Stapler.invoke(Stapler.java:900)         at org.kohsuke.stapler.MetaClass$9.dispatch(MetaClass.java:475)         at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:770)         at org.kohsuke.stapler.Stapler.invoke(Stapler.java:900)         at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:739)         at org.kohsuke.stapler.Stapler.invoke(Stapler.java:900)         at org.kohsuke.stapler.MetaClass$9.dispatch(MetaClass.java:475)         at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:770)         at org.kohsuke.stapler.Stapler.invoke(Stapler.java:900)         at org.kohsuke.stapler.Stapler.invoke(Stapler.java:698)         at org.kohsuke.stapler.Stapler.service(Stapler.java:248)         at javax.servlet.http.HttpServlet.service(HttpServlet.java:590)         at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:764)         at org.eclipse.jetty.servlet.ServletHandler$ChainEnd.doFilter(ServletHandler.java:1665)         at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:163)         at org.jenkinsci.plugins.ssegateway.Endpoint$SSEListenChannelFilter.doFilter(Endpoint.java:248)         at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:160)         at hudson.plugins.audit_trail.AuditTrailFilter.doFilter(AuditTrailFilter.java:112)         at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:160)         at io.jenkins.blueocean.ResourceCacheControl.doFilter(ResourceCacheControl.java:134)         at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:160)         at io.jenkins.blueocean.auth.jwt.impl.JwtAuthenticationFilter.doFilter(JwtAuthenticationFilter.java:60)         at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:160)         at jenkins.metrics.impl.MetricsFilter.doFilter(MetricsFilter.java:125)         at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:160)         at jenkins.util.HttpServletFilter$1.doFilter(HttpServletFilter.java:76)         at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:160)         at hudson.util.PluginServletFilter.doFilter(PluginServletFilter.java:166)         at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:202)         at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1635)         at jenkins.security.SuspiciousRequestFilter.doFilter(SuspiciousRequestFilter.java:38)         at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:202)         at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1635)         at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:527)         at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:131)         at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:549)         at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:122)         at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:223)         at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1570)         at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:221)         at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1384)         at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:176)         at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:484)         at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1543)         at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:174)         at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1306)         at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:129)         at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:122)         at org.eclipse.jetty.server.Server.handle(Server.java:563)         at org.eclipse.jetty.server.HttpChannel.lambda$handle$0(HttpChannel.java:505)         at org.eclipse.jetty.server.HttpChannel.dispatch(HttpChannel.java:762)         at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:497)         at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:282)         at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:314)         at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:100)         at org.eclipse.jetty.io.SelectableChannelEndPoint$1.run(SelectableChannelEndPoint.java:53)         at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.runTask(AdaptiveExecutionStrategy.java:416)         at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.consumeTask(AdaptiveExecutionStrategy.java:385)         at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.tryProduce(AdaptiveExecutionStrategy.java:272)         at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.lambda$new$0(AdaptiveExecutionStrategy.java:140)         at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:411)         at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:969)         at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.doRunJob(QueuedThreadPool.java:1194)         at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:1149)         at java.base/java.lang.Thread.run(Thread.java:829) io.jenkins.plugins.casc.ConfiguratorException: Invalid configuration elements for type class jenkins.model.GlobalConfigurationCategory$Security : queueItemAuthenticator. Available attributes : apiToken, apiTokenProperty, crumb, gitHooks, gitHostKeyVerificationConfiguration, sSHD, scriptApproval, updateSiteWarningsConfiguration     at io.jenkins.plugins.casc.BaseConfigurator.handleUnknown(BaseConfigurator.java:387)     at io.jenkins.plugins.casc.BaseConfigurator.configure(BaseConfigurator.java:374)     at io.jenkins.plugins.casc.BaseConfigurator.check(BaseConfigurator.java:293)     at io.jenkins.plugins.casc.ConfigurationAsCode.lambda$checkWith$9(ConfigurationAsCode.java:803)     at io.jenkins.plugins.casc.ConfigurationAsCode.invokeWith(ConfigurationAsCode.java:737) Caused: io.jenkins.plugins.casc.ConfiguratorException: security: error configuring 'security' with class io.jenkins.plugins.casc.impl.configurators.GlobalConfigurationCategoryConfigurator configurator     at io.jenkins.plugins.casc.ConfigurationAsCode.invokeWith(ConfigurationAsCode.java:743)     at io.jenkins.plugins.casc.ConfigurationAsCode.checkWith(ConfigurationAsCode.java:803)     at io.jenkins.plugins.casc.ConfigurationAsCode.configureWith(ConfigurationAsCode.java:789)     at io.jenkins.plugins.casc.ConfigurationAsCode.configureWith(ConfigurationAsCode.java:658)     at io.jenkins.plugins.casc.ConfigurationAsCode.configure(ConfigurationAsCode.java:315)     at io.jenkins.plugins.casc.ConfigurationAsCode.init(ConfigurationAsCode.java:307) Caused: java.lang.reflect.InvocationTargetException     at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)     at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)     at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)     at java.base/java.lang.reflect.Method.invoke(Method.java:566)     at hudson.init.TaskMethodFinder.invoke(TaskMethodFinder.java:109) Caused: java.lang.Error     at hudson.init.TaskMethodFinder.invoke(TaskMethodFinder.java:115)     at hudson.init.TaskMethodFinder$TaskImpl.run(TaskMethodFinder.java:185)     at org.jvnet.hudson.reactor.Reactor.runTask(Reactor.java:305)     at jenkins.model.Jenkins$5.runTask(Jenkins.java:1166)     at org.jvnet.hudson.reactor.Reactor$2.run(Reactor.java:221)     at org.jvnet.hudson.reactor.Reactor$Node.run(Reactor.java:120)     at jenkins.security.ImpersonatingExecutorService$1.run(ImpersonatingExecutorService.java:68)     at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)     at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)     at java.base/java.lang. Thread .run( Thread .java:829) Caused: org.jvnet.hudson.reactor.ReactorException     at org.jvnet.hudson.reactor.Reactor.execute(Reactor.java:290)     at jenkins.InitReactorRunner.run(InitReactorRunner.java:49)     at jenkins.model.Jenkins.executeReactor(Jenkins.java:1201)     at jenkins.model.Jenkins.<init>(Jenkins.java:989)     at hudson.model.Hudson.<init>(Hudson.java:86)     at hudson.model.Hudson.<init>(Hudson.java:82)     at hudson.WebAppMain$3.run(WebAppMain.java:247) Caused: hudson.util.HudsonFailedToLoad     at hudson.WebAppMain$3.run(WebAppMain.java:264)  

          Vittorio added a comment -

          I have installed Jenkins 2.426.2 with the Authorize Project plugin (version 1.7.1) on my Kubernetes cluster via Helm chart and everything was working fine.

          I started getting the same error as the other people, when I wanted to add a resource root url to my Jenkins instance via JCasC:

           

          2024-01-19 14:13:10.566+0000 [id=31] WARNING i.j.p.casc.BaseConfigurator#createAttribute: Can't handle class org.csanchez.jenkins.plugins.kubernetes.PodTemplate#listener: type is abstract but not Describable.2024-01-19 14:13:10.687+0000 [id=31] SEVERE jenkins.InitReactorRunner$1#onTaskFailed: Failed ConfigurationAsCode.initio.jenkins.plugins.casc.UnknownAttributesException: security: Invalid configuration elements for type: class jenkins.model.GlobalConfigurationCategory$Security : queueItemAuthenticator.Available attributes : apiToken, apiTokenProperty, crumb, gitHooks, gitHostKeyVerificationConfiguration, prism, sSHD, scriptApproval, updateSiteWarningsConfiguration at io.jenkins.plugins.casc.BaseConfigurator.handleUnknown(BaseConfigurator.java:389) at io.jenkins.plugins.casc.BaseConfigurator.configure(BaseConfigurator.java:374) at io.jenkins.plugins.casc.BaseConfigurator.check(BaseConfigurator.java:293) at io.jenkins.plugins.casc.ConfigurationAsCode.lambda$checkWith$9(ConfigurationAsCode.java:830) at io.jenkins.plugins.casc.ConfigurationAsCode.invokeWith(ConfigurationAsCode.java:773) at io.jenkins.plugins.casc.ConfigurationAsCode.checkWith(ConfigurationAsCode.java:830) at io.jenkins.plugins.casc.ConfigurationAsCode.configureWith(ConfigurationAsCode.java:816) at io.jenkins.plugins.casc.ConfigurationAsCode.configureWith(ConfigurationAsCode.java:695) at io.jenkins.plugins.casc.ConfigurationAsCode.configure(ConfigurationAsCode.java:352) at io.jenkins.plugins.casc.ConfigurationAsCode.init(ConfigurationAsCode.java:341) 

           

           

          Vittorio added a comment - I have installed Jenkins 2.426.2 with the Authorize Project plugin (version 1.7.1) on my Kubernetes cluster via Helm chart and everything was working fine. I started getting the same error as the other people, when I wanted to add a resource root url to my Jenkins instance via JCasC:   2024-01-19 14:13:10.566+0000 [id=31] WARNING i.j.p.casc.BaseConfigurator#createAttribute: Can't handle  class  org.csanchez.jenkins.plugins.kubernetes.PodTemplate#listener: type is  abstract  but not Describable.2024-01-19 14:13:10.687+0000 [id=31] SEVERE jenkins.InitReactorRunner$1#onTaskFailed: Failed ConfigurationAsCode.initio.jenkins.plugins.casc.UnknownAttributesException: security: Invalid configuration elements  for  type:  class  jenkins.model.GlobalConfigurationCategory$Security : queueItemAuthenticator.Available attributes : apiToken, apiTokenProperty, crumb, gitHooks, gitHostKeyVerificationConfiguration, prism, sSHD, scriptApproval, updateSiteWarningsConfiguration at io.jenkins.plugins.casc.BaseConfigurator.handleUnknown(BaseConfigurator.java:389) at io.jenkins.plugins.casc.BaseConfigurator.configure(BaseConfigurator.java:374) at io.jenkins.plugins.casc.BaseConfigurator.check(BaseConfigurator.java:293) at io.jenkins.plugins.casc.ConfigurationAsCode.lambda$checkWith$9(ConfigurationAsCode.java:830) at io.jenkins.plugins.casc.ConfigurationAsCode.invokeWith(ConfigurationAsCode.java:773) at io.jenkins.plugins.casc.ConfigurationAsCode.checkWith(ConfigurationAsCode.java:830) at io.jenkins.plugins.casc.ConfigurationAsCode.configureWith(ConfigurationAsCode.java:816) at io.jenkins.plugins.casc.ConfigurationAsCode.configureWith(ConfigurationAsCode.java:695) at io.jenkins.plugins.casc.ConfigurationAsCode.configure(ConfigurationAsCode.java:352) at io.jenkins.plugins.casc.ConfigurationAsCode.init(ConfigurationAsCode.java:341)    

            Unassigned Unassigned
            roboo R K
            Votes:
            7 Vote for this issue
            Watchers:
            12 Start watching this issue

              Created:
              Updated: