Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-71142

JCasC redeploy randomly fails with :Invalid configuration elements for type class jenkins.model.GlobalConfigurationCategory$Security : queueItemAuthenticator.

      Sometimes when doing jenkins redeploy via ansible and JCasC I'm getting this error and broken page:

       

      io.jenkins.plugins.casc.ConfiguratorException: Invalid configuration elements for type class jenkins.model.GlobalConfigurationCategory$Security : queueItemAuthenticator.
      Available attributes : apiToken, apiTokenProperty, copyartifact, crumb, gitHooks, gitHostKeyVerificationConfiguration, globalJobDslSecurityConfiguration, sSHD, scriptApproval, updateSiteWarningsConfiguration
          at io.jenkins.plugins.casc.BaseConfigurator.handleUnknown(BaseConfigurator.java:375)
          at io.jenkins.plugins.casc.BaseConfigurator.configure(BaseConfigurator.java:364)
          at io.jenkins.plugins.casc.BaseConfigurator.check(BaseConfigurator.java:286)
          at io.jenkins.plugins.casc.ConfigurationAsCode.lambda$checkWith$8(ConfigurationAsCode.java:776)
          at io.jenkins.plugins.casc.ConfigurationAsCode.invokeWith(ConfigurationAsCode.java:712)
      Caused: io.jenkins.plugins.casc.ConfiguratorException: security: error configuring 'security' with class io.jenkins.plugins.casc.impl.configurators.GlobalConfigurationCategoryConfigurator configurator
          at io.jenkins.plugins.casc.ConfigurationAsCode.invokeWith(ConfigurationAsCode.java:718)
          at io.jenkins.plugins.casc.ConfigurationAsCode.checkWith(ConfigurationAsCode.java:776)
          at io.jenkins.plugins.casc.ConfigurationAsCode.configureWith(ConfigurationAsCode.java:761)
          at io.jenkins.plugins.casc.ConfigurationAsCode.configureWith(ConfigurationAsCode.java:637)
          at io.jenkins.plugins.casc.ConfigurationAsCode.configure(ConfigurationAsCode.java:306)
          at io.jenkins.plugins.casc.ConfigurationAsCode.init(ConfigurationAsCode.java:298)
      Caused: java.lang.reflect.InvocationTargetException
          at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
          at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
          at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
          at java.base/java.lang.reflect.Method.invoke(Unknown Source)
          at hudson.init.TaskMethodFinder.invoke(TaskMethodFinder.java:109)
      Caused: java.lang.Error
          at hudson.init.TaskMethodFinder.invoke(TaskMethodFinder.java:115)
          at hudson.init.TaskMethodFinder$TaskImpl.run(TaskMethodFinder.java:185)
          at org.jvnet.hudson.reactor.Reactor.runTask(Reactor.java:305)
          at jenkins.model.Jenkins$5.runTask(Jenkins.java:1164)
          at org.jvnet.hudson.reactor.Reactor$2.run(Reactor.java:221)
          at org.jvnet.hudson.reactor.Reactor$Node.run(Reactor.java:120)
          at jenkins.security.ImpersonatingExecutorService$1.run(ImpersonatingExecutorService.java:68)
          at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
          at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
          at java.base/java.lang.Thread.run(Unknown Source)
      Caused: org.jvnet.hudson.reactor.ReactorException
          at org.jvnet.hudson.reactor.Reactor.execute(Reactor.java:290)
          at jenkins.InitReactorRunner.run(InitReactorRunner.java:49)
          at jenkins.model.Jenkins.executeReactor(Jenkins.java:1199)
          at jenkins.model.Jenkins.<init>(Jenkins.java:987)
          at hudson.model.Hudson.<init>(Hudson.java:86)
          at hudson.model.Hudson.<init>(Hudson.java:82)
          at hudson.WebAppMain$3.run(WebAppMain.java:247)
      Caused: hudson.util.HudsonFailedToLoad
          at hudson.WebAppMain$3.run(WebAppMain.java:264) 

      my casc files looks just like:

       57 security:
       58   globaljobdslsecurityconfiguration:
       59     useScriptSecurity: true
       60   queueItemAuthenticator:
       61     authenticators:
       62     - global:
       63         strategy: triggeringUsersAuthorizationStrategy            

      I'm using jenkins 2.387.2 and version of this authorize plugin 1.5.1.

       

      I was getting this error for a long time with previous versions too.

      I will appreciate any help!

        1. log_queueItemAuthenticator.zip
          160 kB
        2. unclassified.yaml
          0.1 kB
        3. security.yaml
          0.2 kB
        4. jenkins.yaml
          0.3 kB
        5. plugins.txt
          0.5 kB
        6. run-jenkins.sh
          0.9 kB

          [JENKINS-71142] JCasC redeploy randomly fails with :Invalid configuration elements for type class jenkins.model.GlobalConfigurationCategory$Security : queueItemAuthenticator.

          R K created issue -
          Mark Waite made changes -
          Attachment New: run-jenkins.sh [ 60316 ]
          Mark Waite made changes -
          Attachment New: plugins.txt [ 60317 ]
          Mark Waite made changes -
          Attachment New: jenkins.yaml [ 60318 ]
          Mark Waite made changes -
          Attachment New: security.yaml [ 60319 ]
          Mark Waite made changes -
          Attachment New: unclassified.yaml [ 60320 ]

          Mark Waite added a comment -

          I can't duplicate the problem as described. More information is needed so that others can duplicate the problem. Steps that I took in my attempt to duplicate the problem included:

          1. Create the list of plugins that includes authorize project plugin 1.5.1, Job DSL plugin, and other plugins required by them as plugins.txt
          2. Create a shell script run-jenkins.sh that downloads Jenkins core and the specified plugins
          3. Create a directory configuration-as-code and add the files jenkins.yaml , security.yaml , and unclassified.yaml
          4. Run the shell script run-jenkins.sh and complete the setup wizard by choosing to install no additional plugins
          5. Confirm that configuration as code is enabled
          6. Reload the configuration as code definition multiple times, confirm that no failure is reported and no issue is detected
          7. Restart the Jenkins controller multiple times, confirm that no failure is reported and no issue is detected

          Please provide a detailed set of steps so that others can duplicate the problem that you're seeing.

          Mark Waite added a comment - I can't duplicate the problem as described. More information is needed so that others can duplicate the problem. Steps that I took in my attempt to duplicate the problem included: Create the list of plugins that includes authorize project plugin 1.5.1, Job DSL plugin, and other plugins required by them as plugins.txt Create a shell script run-jenkins.sh that downloads Jenkins core and the specified plugins Create a directory configuration-as-code and add the files jenkins.yaml , security.yaml , and unclassified.yaml Run the shell script run-jenkins.sh and complete the setup wizard by choosing to install no additional plugins Confirm that configuration as code is enabled Reload the configuration as code definition multiple times, confirm that no failure is reported and no issue is detected Restart the Jenkins controller multiple times, confirm that no failure is reported and no issue is detected Please provide a detailed set of steps so that others can duplicate the problem that you're seeing.

          R K added a comment -

          markewaite thank you for your fast response! I will try to setup some scripts to duplicate it and will update the issue. For now only one difference I see is I'm using dockerized jenkins 2.387.2-lts-alpine

          R K added a comment - markewaite thank you for your fast response! I will try to setup some scripts to duplicate it and will update the issue. For now only one difference I see is I'm using dockerized jenkins 2.387.2-lts-alpine
          R K made changes -
          Description Original: Sometimes when doing jenkins redeploy via ansible and JCasC I'm getting this error and broken page:

           
          {code:java}
          io.jenkins.plugins.casc.ConfiguratorException: Invalid configuration elements for type class jenkins.model.GlobalConfigurationCategory$Security : queueItemAuthenticator.
          Available attributes : apiToken, apiTokenProperty, copyartifact, crumb, gitHooks, gitHostKeyVerificationConfiguration, globalJobDslSecurityConfiguration, sSHD, scriptApproval, updateSiteWarningsConfiguration
              at io.jenkins.plugins.casc.BaseConfigurator.handleUnknown(BaseConfigurator.java:375)
              at io.jenkins.plugins.casc.BaseConfigurator.configure(BaseConfigurator.java:364)
              at io.jenkins.plugins.casc.BaseConfigurator.check(BaseConfigurator.java:286)
              at io.jenkins.plugins.casc.ConfigurationAsCode.lambda$checkWith$8(ConfigurationAsCode.java:776)
              at io.jenkins.plugins.casc.ConfigurationAsCode.invokeWith(ConfigurationAsCode.java:712)
          Caused: io.jenkins.plugins.casc.ConfiguratorException: security: error configuring 'security' with class io.jenkins.plugins.casc.impl.configurators.GlobalConfigurationCategoryConfigurator configurator
              at io.jenkins.plugins.casc.ConfigurationAsCode.invokeWith(ConfigurationAsCode.java:718)
              at io.jenkins.plugins.casc.ConfigurationAsCode.checkWith(ConfigurationAsCode.java:776)
              at io.jenkins.plugins.casc.ConfigurationAsCode.configureWith(ConfigurationAsCode.java:761)
              at io.jenkins.plugins.casc.ConfigurationAsCode.configureWith(ConfigurationAsCode.java:637)
              at io.jenkins.plugins.casc.ConfigurationAsCode.configure(ConfigurationAsCode.java:306)
              at io.jenkins.plugins.casc.ConfigurationAsCode.init(ConfigurationAsCode.java:298)
          Caused: java.lang.reflect.InvocationTargetException
              at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
              at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
              at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
              at java.base/java.lang.reflect.Method.invoke(Unknown Source)
              at hudson.init.TaskMethodFinder.invoke(TaskMethodFinder.java:109)
          Caused: java.lang.Error
              at hudson.init.TaskMethodFinder.invoke(TaskMethodFinder.java:115)
              at hudson.init.TaskMethodFinder$TaskImpl.run(TaskMethodFinder.java:185)
              at org.jvnet.hudson.reactor.Reactor.runTask(Reactor.java:305)
              at jenkins.model.Jenkins$5.runTask(Jenkins.java:1164)
              at org.jvnet.hudson.reactor.Reactor$2.run(Reactor.java:221)
              at org.jvnet.hudson.reactor.Reactor$Node.run(Reactor.java:120)
              at jenkins.security.ImpersonatingExecutorService$1.run(ImpersonatingExecutorService.java:68)
              at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
              at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
              at java.base/java.lang.Thread.run(Unknown Source)
          Caused: org.jvnet.hudson.reactor.ReactorException
              at org.jvnet.hudson.reactor.Reactor.execute(Reactor.java:290)
              at jenkins.InitReactorRunner.run(InitReactorRunner.java:49)
              at jenkins.model.Jenkins.executeReactor(Jenkins.java:1199)
              at jenkins.model.Jenkins.<init>(Jenkins.java:987)
              at hudson.model.Hudson.<init>(Hudson.java:86)
              at hudson.model.Hudson.<init>(Hudson.java:82)
              at hudson.WebAppMain$3.run(WebAppMain.java:247)
          Caused: hudson.util.HudsonFailedToLoad
              at hudson.WebAppMain$3.run(WebAppMain.java:264) {code}
          my casc files looks just like:
          {code:java}
           57 security:
           58   globaljobdslsecurityconfiguration:
           59     useScriptSecurity: true
           60   queueItemAuthenticator:
           61     authenticators:
           62     - global:
           63         strategy: triggeringUsersAuthorizationStrategy            {code}
          I'm using jenkins 2.387.2 and version of this authorize plugin 1.5.1.

          I was getting this error for a long time with previous versions too.

          I will appreciate any help!
          New: Sometimes when doing jenkins redeploy via ansible and JCasC I'm getting this error and broken page:

           
          {code:java}
          io.jenkins.plugins.casc.ConfiguratorException: Invalid configuration elements for type class jenkins.model.GlobalConfigurationCategory$Security : queueItemAuthenticator.
          Available attributes : apiToken, apiTokenProperty, copyartifact, crumb, gitHooks, gitHostKeyVerificationConfiguration, globalJobDslSecurityConfiguration, sSHD, scriptApproval, updateSiteWarningsConfiguration
              at io.jenkins.plugins.casc.BaseConfigurator.handleUnknown(BaseConfigurator.java:375)
              at io.jenkins.plugins.casc.BaseConfigurator.configure(BaseConfigurator.java:364)
              at io.jenkins.plugins.casc.BaseConfigurator.check(BaseConfigurator.java:286)
              at io.jenkins.plugins.casc.ConfigurationAsCode.lambda$checkWith$8(ConfigurationAsCode.java:776)
              at io.jenkins.plugins.casc.ConfigurationAsCode.invokeWith(ConfigurationAsCode.java:712)
          Caused: io.jenkins.plugins.casc.ConfiguratorException: security: error configuring 'security' with class io.jenkins.plugins.casc.impl.configurators.GlobalConfigurationCategoryConfigurator configurator
              at io.jenkins.plugins.casc.ConfigurationAsCode.invokeWith(ConfigurationAsCode.java:718)
              at io.jenkins.plugins.casc.ConfigurationAsCode.checkWith(ConfigurationAsCode.java:776)
              at io.jenkins.plugins.casc.ConfigurationAsCode.configureWith(ConfigurationAsCode.java:761)
              at io.jenkins.plugins.casc.ConfigurationAsCode.configureWith(ConfigurationAsCode.java:637)
              at io.jenkins.plugins.casc.ConfigurationAsCode.configure(ConfigurationAsCode.java:306)
              at io.jenkins.plugins.casc.ConfigurationAsCode.init(ConfigurationAsCode.java:298)
          Caused: java.lang.reflect.InvocationTargetException
              at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
              at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
              at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
              at java.base/java.lang.reflect.Method.invoke(Unknown Source)
              at hudson.init.TaskMethodFinder.invoke(TaskMethodFinder.java:109)
          Caused: java.lang.Error
              at hudson.init.TaskMethodFinder.invoke(TaskMethodFinder.java:115)
              at hudson.init.TaskMethodFinder$TaskImpl.run(TaskMethodFinder.java:185)
              at org.jvnet.hudson.reactor.Reactor.runTask(Reactor.java:305)
              at jenkins.model.Jenkins$5.runTask(Jenkins.java:1164)
              at org.jvnet.hudson.reactor.Reactor$2.run(Reactor.java:221)
              at org.jvnet.hudson.reactor.Reactor$Node.run(Reactor.java:120)
              at jenkins.security.ImpersonatingExecutorService$1.run(ImpersonatingExecutorService.java:68)
              at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
              at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
              at java.base/java.lang.Thread.run(Unknown Source)
          Caused: org.jvnet.hudson.reactor.ReactorException
              at org.jvnet.hudson.reactor.Reactor.execute(Reactor.java:290)
              at jenkins.InitReactorRunner.run(InitReactorRunner.java:49)
              at jenkins.model.Jenkins.executeReactor(Jenkins.java:1199)
              at jenkins.model.Jenkins.<init>(Jenkins.java:987)
              at hudson.model.Hudson.<init>(Hudson.java:86)
              at hudson.model.Hudson.<init>(Hudson.java:82)
              at hudson.WebAppMain$3.run(WebAppMain.java:247)
          Caused: hudson.util.HudsonFailedToLoad
              at hudson.WebAppMain$3.run(WebAppMain.java:264) {code}
          my casc files looks just like:
          {code:java}
           57 security:
           58   globaljobdslsecurityconfiguration:
           59     useScriptSecurity: true
           60   queueItemAuthenticator:
           61     authenticators:
           62     - global:
           63         strategy: triggeringUsersAuthorizationStrategy            {code}
          I'm using jenkins 2.387.2 and version of this authorize plugin 1.5.1.

          * Jenkins is dockerized [2.387.2-lts-alpine|https://hub.docker.com/layers/jenkins/jenkins/2.387.2-lts-alpine/images/sha256-209484168fe11d997011676ad8970ad442eb40bbce96355099ac305d25fec431?context=explore]

           

          I was getting this error for a long time with previous versions too.

          I will appreciate any help!

          R K added a comment -

          Hi Mark, I was trying to reproduce the issue with basic docker image + ansible deploy but no success, I can't provide our full deployment scripts. I'm afraid the issue will be some race condition. 

          if something will help you I'm using

          podman version 3.3.1

          docker image looks like:

          FROM jenkins/jenkins:2.387.2-lts-alpine
          ENV JAVA_OPTS -Djenkins.install.runSetupWizard=false -Xmx2048m -Dhudson.model.DirectoryBrowserSupport.CSP=\'sandbox allow-forms allow-scripts allow-same-origin allow-top-navigation\'
          ENV CASC_JENKINS_CONFIG /var/jenkins_home/casc_configurations/COPY --chown=jenkins:jenkins plugin-list /usr/share/jenkins/ref/plugin-list.txt
          RUN jenkins-plugin-cli --plugin-file /usr/share/jenkins/ref/plugin-list.txtUSER root
          COPY <cert1> $JAVA_HOME/lib/security
          COPY <cert2> $JAVA_HOME/lib/security
          ...
          RUN update-ca-certificatesRUN \
              cd $JAVA_HOME/lib/security \
              && keytool -keystore cacerts -storepass changeit -noprompt -trustcacerts -importcert -alias ourcert -file <cert1> \
              ...
          
          USER jenkins     

          jenkins is deployed with:

           

          - name: run jenkins
            containers.podman.podman_container:
              name: jenkins
              image: <our_repo>:12345
              state: present
              recreate: yes 
              rm: no
              privileged: true
              volumes:
                - /var/jenkins_home:/var/jenkins_home
              ports:
                  - "443:8443"
              env:
                  SECRETS_FILE: "/path/to/secrets.properties"
                  JENKINS_OPTS: >
                    --httpPort=-1 --httpsPort=8443 --httpsKeyStore=/path/to/certs/abcd.jks
                    --httpKeepAliveTimeout=120000 --httpsKeepAliveTimeout=120000
                    --httpsKeyStorePassword=<keystore pass>
                  JENKINS_TITLE: "Jenkins"
                  JENKINS_URL: <our host>
                  PLUGINS_FORCE_UPGRADE: true 

          before deploy I remove via ansible full plugins folder too.
          those are the plugins I'm using

          configuration-as-code:latest                                                                                                                                                                                                 
          git:latest
          ldap:latest
          matrix-auth:latest
          pam-auth:latest
          authorize-project:latest
          cloudbees-folder:latest
          job-dsl:latest
          blueocean:latest
          ssh-slaves:latest
          ansicolor:latest
          Parameterized-Remote-Trigger:latest
          uno-choice:latest
          build-name-setter:latest
          hashicorp-vault-plugin:latest
          mask-passwords:latest
          sshd:latest
          command-launcher:latest
          jaxb:latest
          jdk-tool:latest
          test-results-aggregator:latest
          slack:latest
          workflow-aggregator:latest
          ws-cleanup:latest
          pipeline-utility-steps:latest
          copyartifact:latest
          build-discarder:latest 

           

          what kind of log files I should collect if this issue will repeat?

          R K added a comment - Hi Mark, I was trying to reproduce the issue with basic docker image + ansible deploy but no success, I can't provide our full deployment scripts. I'm afraid the issue will be some race condition.  if something will help you I'm using podman version 3.3.1 docker image looks like: FROM jenkins/jenkins:2.387.2-lts-alpine ENV JAVA_OPTS -Djenkins.install.runSetupWizard= false -Xmx2048m -Dhudson.model.DirectoryBrowserSupport.CSP=\ 'sandbox allow-forms allow-scripts allow-same-origin allow-top-navigation\' ENV CASC_JENKINS_CONFIG / var /jenkins_home/casc_configurations/COPY --chown=jenkins:jenkins plugin-list /usr/share/jenkins/ref/plugin-list.txt RUN jenkins-plugin-cli --plugin-file /usr/share/jenkins/ref/plugin-list.txtUSER root COPY <cert1> $JAVA_HOME/lib/security COPY <cert2> $JAVA_HOME/lib/security ... RUN update-ca-certificatesRUN \     cd $JAVA_HOME/lib/security \     && keytool -keystore cacerts -storepass changeit -noprompt -trustcacerts -importcert -alias ourcert -file <cert1> \ ... USER jenkins     jenkins is deployed with:   - name: run jenkins   containers.podman.podman_container:     name: jenkins     image: <our_repo>:12345     state: present     recreate: yes      rm: no     privileged: true     volumes:       - / var /jenkins_home:/ var /jenkins_home     ports:         - "443:8443"     env:         SECRETS_FILE: "/path/to/secrets.properties"         JENKINS_OPTS: >           --httpPort=-1 --httpsPort=8443 --httpsKeyStore=/path/to/certs/abcd.jks           --httpKeepAliveTimeout=120000 --httpsKeepAliveTimeout=120000           --httpsKeyStorePassword=<keystore pass>         JENKINS_TITLE: "Jenkins"         JENKINS_URL: <our host>         PLUGINS_FORCE_UPGRADE: true before deploy I remove via ansible full plugins folder too. those are the plugins I'm using configuration-as-code:latest                                                                                                                                                                                                  git:latest ldap:latest matrix-auth:latest pam-auth:latest authorize-project:latest cloudbees-folder:latest job-dsl:latest blueocean:latest ssh-slaves:latest ansicolor:latest Parameterized-Remote-Trigger:latest uno-choice:latest build-name-setter:latest hashicorp-vault-plugin:latest mask-passwords:latest sshd:latest command-launcher:latest jaxb:latest jdk-tool:latest test-results-aggregator:latest slack:latest workflow-aggregator:latest ws-cleanup:latest pipeline-utility-steps:latest copyartifact:latest build-discarder:latest   what kind of log files I should collect if this issue will repeat?

            Unassigned Unassigned
            roboo R K
            Votes:
            7 Vote for this issue
            Watchers:
            12 Start watching this issue

              Created:
              Updated: