[JENKINS-71788] After upgrade to 2.401.3 getting remote stack trace error when calling git branch:xxx url:xxx within withVault block

Type: Bug
Resolution: Fixed
Priority: Blocker
Component/s: hashicorp-vault-plugin
Labels:
None
Environment:

Hide
Jenkins: 2.401.3
OS: Linux - 5.4.0-1094-azure
Java: 11.0.19 - Eclipse Adoptium (OpenJDK 64-Bit Server VM)
---
ace-editor:1.1
ansicolor:1.0.3
ant:497.v94e7d9fffa_b_9
antisamy-markup-formatter:162.v0e6ec0fcfcf6
apache-httpcomponents-client-4-api:4.5.14-150.v7a_b_9d17134a_5
authentication-tokens:1.53.v1c90fd9191a_b_
authorize-project:1.7.1
azure-commons:1.1.3
blueocean:1.27.5
blueocean-autofavorite:1.2.5
blueocean-bitbucket-pipeline:1.27.5
blueocean-commons:1.27.5
blueocean-config:1.27.5
blueocean-core-js:1.27.5
blueocean-dashboard:1.27.5
blueocean-display-url:2.4.2
blueocean-events:1.27.5
blueocean-executor-info:1.27.5
blueocean-git-pipeline:1.27.5
blueocean-github-pipeline:1.27.5
blueocean-i18n:1.27.5
blueocean-jira:1.27.5
blueocean-jwt:1.27.5
blueocean-personalization:1.27.5
blueocean-pipeline-api-impl:1.27.5
blueocean-pipeline-editor:1.27.5
blueocean-pipeline-scm-api:1.27.5
blueocean-rest:1.27.5
blueocean-rest-impl:1.27.5
blueocean-web:1.27.5
bootstrap4-api:4.6.0-6
bootstrap5-api:5.3.0-1
bouncycastle-api:2.29
branch-api:2.1122.v09cb_8ea_8a_724
build-timeout:1.31
caffeine-api:3.1.6-115.vb_8b_b_328e59d8
checks-api:2.0.0
cloudbees-bitbucket-branch-source:825.va_6a_dc46a_f97d
cloudbees-folder:6.815.v0dd5a_cb_40e0e
command-launcher:106.vb_a_b_8f751309c
commons-lang3-api:3.13.0-62.v7d18e55f51e2
commons-text-api:1.10.0-68.v0d0b_c439292b_
credentials:1271.v54b_1c2c6388a_
credentials-binding:631.v861c06d062b_4
data-tables-api:1.13.5-1
display-url-api:2.3.8
docker-commons:439.va_3cb_0a_6a_fb_29
docker-workflow:563.vd5d2e5c4007f
durable-task:513.vc48a_a_075a_d93
echarts-api:5.4.0-5
email-ext:2.100
favorite:2.4.3
font-awesome-api:6.4.0-2
git:5.2.0
git-client:4.4.0
git-server:99.va_0826a_b_cdfa_d
github:1.37.2
github-api:1.314-431.v78d72a_3fe4c3
github-branch-source:1732.v3f1889a_c475b_
github-oauth:588.vf696a_350572a_
gradle:2.8.2
handlebars:3.0.8
handy-uri-templates-2-api:2.1.8-22.v77d5b_75e6953
hashicorp-vault-pipeline:1.4
hashicorp-vault-plugin:360.v0a_1c04cf807d
htmlpublisher:1.32
instance-identity:173.va_37c494ec4e5
ionicons-api:56.v1b_1c8c49374e
jackson2-api:2.15.2-350.v0c2f3f8fc595
jakarta-activation-api:2.0.1-3
jakarta-mail-api:2.0.1-3
javax-activation-api:1.2.0-6
javax-mail-api:1.6.2-9
jaxb:2.3.8-1
jdk-tool:73.vddf737284550
jenkins-design-language:1.27.5
jersey2-api:2.40-1
jira:3.10
jjwt-api:0.11.5-77.v646c772fddb_0
jquery-detached:1.2.1
jquery3-api:3.7.0-1
jsch:0.2.8-65.v052c39de79b_2
junit:1217.v4297208a_a_b_ce
kubernetes:3952.v88e3b_0cf300b_
kubernetes-cd:2.3.1
kubernetes-cli:1.12.0
kubernetes-client-api:6.4.1-215.v2ed17097a_8e9
kubernetes-credentials:0.10.0
kubernetes-credentials-provider:1.225.v14f9e6b_28f53
kubernetes-pipeline-devops-steps:1.6
ldap:694.vc02a_69c9787f
lockable-resources:1185.v0c528656ce04
mailer:463.vedf8358e006b_
matrix-auth:3.1.10
matrix-project:802.v8013b_40c7edc
mercurial:1260.vdfb_723cdcc81
metrics:4.2.18-442.v02e107157925
mina-sshd-api-common:2.10.0-69.v28e3e36d18eb_
mina-sshd-api-core:2.10.0-69.v28e3e36d18eb_
momentjs:1.1.1
okhttp-api:4.11.0-157.v6852a_a_fa_ec11
pam-auth:1.10
pipeline-build-step:505.v5f0844d8d126
pipeline-github-lib:42.v0739460cda_c4
pipeline-graph-analysis:202.va_d268e64deb_3
pipeline-groovy-lib:671.v07c339c842e8
pipeline-input-step:477.v339683a_8d55e
pipeline-milestone-step:111.v449306f708b_7
pipeline-model-api:2.2144.v077a_d1928a_40
pipeline-model-definition:2.2144.v077a_d1928a_40
pipeline-model-extensions:2.2144.v077a_d1928a_40
pipeline-rest-api:2.33
pipeline-stage-step:305.ve96d0205c1c6
pipeline-stage-tags-metadata:2.2144.v077a_d1928a_40
pipeline-stage-view:2.33
plain-credentials:143.v1b_df8b_d3b_e48
plugin-util-api:3.3.0
popper-api:1.16.1-3
popper2-api:2.11.6-2
pubsub-light:1.17
resource-disposer:0.23
scm-api:676.v886669a_199a_a_
script-security:1264.vecf66020eb_7d
simple-theme-plugin:160.vb_76454b_67900
slack:664.vc9a_90f8b_c24a_
snakeyaml-api:1.33-95.va_b_a_e3e47b_fa_4
sse-gateway:1.26
ssh-credentials:308.ve4497b_ccd8f4
ssh-slaves:2.916.vd17b_43357ce4
sshd:3.312.v1c601b_c83b_0e
structs:324.va_f5d6774f3a_d
timestamper:1.26
token-macro:383.v36161104b_002
trilead-api:2.84.v72119de229b_7
variant:59.vf075fe829ccb
workflow-aggregator:596.v8c21c963d92d
workflow-api:1251.vd4889a_b_0a_065
workflow-basic-steps:1042.ve7b_140c4a_e0c
workflow-cps:3731.ve4b_5b_857b_a_d3
workflow-cps-global-lib:609.vd95673f149b_b
workflow-durable-task-step:1278.v94b_dc2b_50c6f
workflow-job:1316.vd2290d3341a_f
workflow-multibranch:756.v891d88f2cd46
workflow-scm-step:415.v434365564324
workflow-step-api:639.v6eca_cd8c04a_a_
workflow-support:848.v5a_383b_d14921
ws-cleanup:0.45

Show
Jenkins: 2.401.3 OS: Linux - 5.4.0-1094-azure Java: 11.0.19 - Eclipse Adoptium (OpenJDK 64-Bit Server VM) --- ace-editor:1.1 ansicolor:1.0.3 ant:497.v94e7d9fffa_b_9 antisamy-markup-formatter:162.v0e6ec0fcfcf6 apache-httpcomponents-client-4-api:4.5.14-150.v7a_b_9d17134a_5 authentication-tokens:1.53.v1c90fd9191a_b_ authorize-project:1.7.1 azure-commons:1.1.3 blueocean:1.27.5 blueocean-autofavorite:1.2.5 blueocean-bitbucket-pipeline:1.27.5 blueocean-commons:1.27.5 blueocean-config:1.27.5 blueocean-core-js:1.27.5 blueocean-dashboard:1.27.5 blueocean-display-url:2.4.2 blueocean-events:1.27.5 blueocean-executor-info:1.27.5 blueocean-git-pipeline:1.27.5 blueocean-github-pipeline:1.27.5 blueocean-i18n:1.27.5 blueocean-jira:1.27.5 blueocean-jwt:1.27.5 blueocean-personalization:1.27.5 blueocean-pipeline-api-impl:1.27.5 blueocean-pipeline-editor:1.27.5 blueocean-pipeline-scm-api:1.27.5 blueocean-rest:1.27.5 blueocean-rest-impl:1.27.5 blueocean-web:1.27.5 bootstrap4-api:4.6.0-6 bootstrap5-api:5.3.0-1 bouncycastle-api:2.29 branch-api:2.1122.v09cb_8ea_8a_724 build-timeout:1.31 caffeine-api:3.1.6-115.vb_8b_b_328e59d8 checks-api:2.0.0 cloudbees-bitbucket-branch-source:825.va_6a_dc46a_f97d cloudbees-folder:6.815.v0dd5a_cb_40e0e command-launcher:106.vb_a_b_8f751309c commons-lang3-api:3.13.0-62.v7d18e55f51e2 commons-text-api:1.10.0-68.v0d0b_c439292b_ credentials:1271.v54b_1c2c6388a_ credentials-binding:631.v861c06d062b_4 data-tables-api:1.13.5-1 display-url-api:2.3.8 docker-commons:439.va_3cb_0a_6a_fb_29 docker-workflow:563.vd5d2e5c4007f durable-task:513.vc48a_a_075a_d93 echarts-api:5.4.0-5 email-ext:2.100 favorite:2.4.3 font-awesome-api:6.4.0-2 git:5.2.0 git-client:4.4.0 git-server:99.va_0826a_b_cdfa_d github:1.37.2 github-api:1.314-431.v78d72a_3fe4c3 github-branch-source:1732.v3f1889a_c475b_ github-oauth:588.vf696a_350572a_ gradle:2.8.2 handlebars:3.0.8 handy-uri-templates-2-api:2.1.8-22.v77d5b_75e6953 hashicorp-vault-pipeline:1.4 hashicorp-vault-plugin:360.v0a_1c04cf807d htmlpublisher:1.32 instance-identity:173.va_37c494ec4e5 ionicons-api:56.v1b_1c8c49374e jackson2-api:2.15.2-350.v0c2f3f8fc595 jakarta-activation-api:2.0.1-3 jakarta-mail-api:2.0.1-3 javax-activation-api:1.2.0-6 javax-mail-api:1.6.2-9 jaxb:2.3.8-1 jdk-tool:73.vddf737284550 jenkins-design-language:1.27.5 jersey2-api:2.40-1 jira:3.10 jjwt-api:0.11.5-77.v646c772fddb_0 jquery-detached:1.2.1 jquery3-api:3.7.0-1 jsch:0.2.8-65.v052c39de79b_2 junit:1217.v4297208a_a_b_ce kubernetes:3952.v88e3b_0cf300b_ kubernetes-cd:2.3.1 kubernetes-cli:1.12.0 kubernetes-client-api:6.4.1-215.v2ed17097a_8e9 kubernetes-credentials:0.10.0 kubernetes-credentials-provider:1.225.v14f9e6b_28f53 kubernetes-pipeline-devops-steps:1.6 ldap:694.vc02a_69c9787f lockable-resources:1185.v0c528656ce04 mailer:463.vedf8358e006b_ matrix-auth:3.1.10 matrix-project:802.v8013b_40c7edc mercurial:1260.vdfb_723cdcc81 metrics:4.2.18-442.v02e107157925 mina-sshd-api-common:2.10.0-69.v28e3e36d18eb_ mina-sshd-api-core:2.10.0-69.v28e3e36d18eb_ momentjs:1.1.1 okhttp-api:4.11.0-157.v6852a_a_fa_ec11 pam-auth:1.10 pipeline-build-step:505.v5f0844d8d126 pipeline-github-lib:42.v0739460cda_c4 pipeline-graph-analysis:202.va_d268e64deb_3 pipeline-groovy-lib:671.v07c339c842e8 pipeline-input-step:477.v339683a_8d55e pipeline-milestone-step:111.v449306f708b_7 pipeline-model-api:2.2144.v077a_d1928a_40 pipeline-model-definition:2.2144.v077a_d1928a_40 pipeline-model-extensions:2.2144.v077a_d1928a_40 pipeline-rest-api:2.33 pipeline-stage-step:305.ve96d0205c1c6 pipeline-stage-tags-metadata:2.2144.v077a_d1928a_40 pipeline-stage-view:2.33 plain-credentials:143.v1b_df8b_d3b_e48 plugin-util-api:3.3.0 popper-api:1.16.1-3 popper2-api:2.11.6-2 pubsub-light:1.17 resource-disposer:0.23 scm-api:676.v886669a_199a_a_ script-security:1264.vecf66020eb_7d simple-theme-plugin:160.vb_76454b_67900 slack:664.vc9a_90f8b_c24a_ snakeyaml-api:1.33-95.va_b_a_e3e47b_fa_4 sse-gateway:1.26 ssh-credentials:308.ve4497b_ccd8f4 ssh-slaves:2.916.vd17b_43357ce4 sshd:3.312.v1c601b_c83b_0e structs:324.va_f5d6774f3a_d timestamper:1.26 token-macro:383.v36161104b_002 trilead-api:2.84.v72119de229b_7 variant:59.vf075fe829ccb workflow-aggregator:596.v8c21c963d92d workflow-api:1251.vd4889a_b_0a_065 workflow-basic-steps:1042.ve7b_140c4a_e0c workflow-cps:3731.ve4b_5b_857b_a_d3 workflow-cps-global-lib:609.vd95673f149b_b workflow-durable-task-step:1278.v94b_dc2b_50c6f workflow-job:1316.vd2290d3341a_f workflow-multibranch:756.v891d88f2cd46 workflow-scm-step:415.v434365564324 workflow-step-api:639.v6eca_cd8c04a_a_ workflow-support:848.v5a_383b_d14921 ws-cleanup:0.45

Similar Issues:
Powered by SuggestiMate

Show
Released As:
https://github.com/jenkinsci/hashicorp-vault-plugin/releases/tag/361.v44fea_4fc08d9

We are running the Jenkins image 2.401.3-lts on kubernetes 1.24.6

This is what I see from the Jenkins pod logs

2023-08-09 14:42:54.474+0000 [id=231]    INFO    hudson.slaves.NodeProvisioner#update: acr-sync-230809.0742-xkbj7-f8dqc provisioning successfully completed. We have now 2 computer(s)
2023-08-09 14:42:54.556+0000 [id=246]    INFO    o.c.j.p.k.KubernetesLauncher#launch: Created Pod: kubernetes terraform/acr-sync-230809.0742-xkbj7-f8dqc
2023-08-09 14:42:56.969+0000 [id=246]    INFO    o.c.j.p.k.KubernetesLauncher#launch: Pod is running: kubernetes terraform/acr-sync-230809.0742-xkbj7-f8dqc
2023-08-09 14:42:58.403+0000 [id=260]    INFO    com.bettercloud.vault.Vault#<init>: The NameSpace ssc/myproject/production has been bound to this Vault instance. Please keep this in mind when running operations.
2023-08-09 14:43:00.635+0000 [id=231]    INFO    o.c.j.p.k.KubernetesSlave#_terminate: Terminating Kubernetes instance for agent acr-sync-230809.0742-xkbj7-f8dqc
2023-08-09 14:43:00.672+0000 [id=231]    INFO    o.c.j.p.k.KubernetesSlave#deleteSlavePod: Terminated Kubernetes instance for agent terraform/acr-sync-230809.0742-xkbj7-f8dqc
2023-08-09 14:43:00.673+0000 [id=231]    INFO    o.c.j.p.k.KubernetesSlave#_terminate: Disconnected computer acr-sync-230809.0742-xkbj7-f8dqc
2023-08-09 14:43:00.675+0000 [id=257]    INFO    hudson.remoting.Request$2#run: Failed to send back a reply to the request RPCRequest:hudson.remoting.RemoteClassLoader$IClassLoader.fetch3[java.lang.String](2): hudson.remoting.ChannelClosedException: Channel "hudson.remoting.Channel@5b467799:acr-sync-230809.0742-xkbj7-f8dqc": channel is already closed
2023-08-09 14:43:00.682+0000 [id=19]    INFO    j.s.DefaultJnlpSlaveReceiver#channelClosed: Jetty (winstone)-19 for acr-sync-230809.0742-xkbj7-f8dqc terminated: java.nio.channels.ClosedChannelException
2023-08-09 14:43:00.683+0000 [id=19]    INFO    j.s.DefaultJnlpSlaveReceiver#channelClosed: Jetty (winstone)-19 for acr-sync-230809.0742-xkbj7-f8dqc terminated: java.nio.channels.ClosedChannelException
2023-08-09 14:43:01.163+0000 [id=246]    INFO    o.j.p.g.ApiRateLimitChecker$RateLimitCheckerAdapter#checkRateLimit: LocalChecker for rate limit was not set for this thread. Configured using system settings with API URL 'https://github.enterprise.internal/api/v3'.

Our Jenkins job is defined as follows

if (env.BRANCH_NAME == 'master' && env.JENKINS_URL == 'https://jenkins.prod/') {
    docker_registry= "prod.azurecr.io"
    prod_acr = "prid"
    dev_acr = "dev.azurecr.io"
    VAULT_BOT = 'vault_bot'
    VAULT_NAMESPACE = 'ssc/myproject/production'
    VAULT_GBAAS_PATH = 'kv/acrsync'
    WORK_DIR = "images-sync/scripts"
}else{
    return
}properties([
    parameters ([
        string(name: 'version', description: 'e.g 2104.rc / 2105.rc'),
        string(name: 'product', description: 'e.g myproject, web3, pa'),
    ])
])def now = new Date()
def label = 'acr-sync-' + now.format("yyMMdd.HHmm", TimeZone.getTimeZone('America/Los_Angeles'))def download_repo(branchName, targetDir, repository) {
    dir(targetDir){
        withVault(configuration: [engineVersion: 2, timeout: 60, vaultCredentialId: VAULT_BOT, vaultNamespace: VAULT_NAMESPACE, vaultUrl: 'https://vautl.url'], vaultSecrets: [[path: VAULT_GBAAS_PATH, secretValues: [[vaultKey: 'git_bot_username'], [vaultKey: 'git_bot_token']]]]){
                git branch: branchName, url: "https://${git_bot_username}:${git_bot_token}@github.enterprise.internal/myproject/${repository}.git"
        }
    }
}def azLogin() {
    withVault(configuration: [engineVersion: 2, timeout: 60, vaultCredentialId: VAULT_BOT, vaultNamespace: VAULT_NAMESPACE, vaultUrl: 'https://vautl.url'], vaultSecrets: [[path: VAULT_GBAAS_PATH, secretValues: [[vaultKey: 'AZURE_CLIENT_ID'], [vaultKey: 'AZURE_CLIENT_SECRET'], [vaultKey: 'AZURE_SUBSCRIPTION_ID'], [vaultKey: 'AZURE_TENANT_ID']]]]) {
        sh script: """
            az login --service-principal -u ${AZURE_CLIENT_ID} -p ${AZURE_CLIENT_SECRET} --tenant ${AZURE_TENANT_ID}
            az account set --subscription ${AZURE_SUBSCRIPTION_ID}
        """
    }
}podTemplate(label: label, yaml: """apiVersion: v1
kind: Pod
metadata:
  namespace: terraform
  labels:
    ${label}: yes
spec:
  imagePullSecrets:
    - name: acr-sp-secret
  containers:
    - name: terraform-base
      imagePullPolicy: Always
      image: "${docker_registry}/base-images/terraform:v4.8"
      command:
        - cat
      tty: true
""")
{
    node(label) {
        stage ('download repo') {
            download_repo("master", "images-sync", "images-sync")
        }
        stage('Push images'){
            container(name: 'terraform-base') {
                script {
                    azLogin()
                    dir (WORK_DIR) {
                        withVault(configuration: [engineVersion: 2, timeout: 60, vaultCredentialId: VAULT_BOT, vaultNamespace: VAULT_NAMESPACE, vaultUrl: 'https://vautl.url'], vaultSecrets: [[path: VAULT_GBAAS_PATH, secretValues: [[vaultKey: 'AZURE_DEV_SP_CLIENT_ID'], [vaultKey: 'AZURE_DEV_SP_CLIENT_SECRET'], [vaultKey: 'slack_bot']]]]) {
                            sh """
                                ./sync-images.sh --prod-acr ${prod_acr} --dev-acr ${dev_acr} --username ${AZURE_DEV_SP_CLIENT_ID} --password ${AZURE_DEV_SP_CLIENT_SECRET} --version ${version} --slack-bot-key ${slack_bot} --product ${product}
                            """
                        }
                    }
                }
            }
        }
    }
}

And when I run the job manually I see the following error

The recommended git tool is: NONENo credentials specifiedCloning the remote Git repository[Pipeline] }[Pipeline] // withVault[Pipeline] }[Pipeline] // dir[Pipeline] }[Pipeline] // stage[Pipeline] }[Pipeline] // node[Pipeline] }[Pipeline] // podTemplate[Pipeline] End of PipelineAlso:   hudson.remoting.Channel$CallSiteStackTrace: Remote call to acr-sync-230809.0742-xkbj7-f8dqc		at hudson.remoting.Channel.attachCallSiteStackTrace(Channel.java:1784)		at hudson.remoting.UserRequest$ExceptionResponse.retrieve(UserRequest.java:356)		at hudson.remoting.Channel.call(Channel.java:1000)		at org.jenkinsci.plugins.gitclient.RemoteGitImpl$CommandInvocationHandler.execute(RemoteGitImpl.java:153)		at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)		at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)		at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)		at java.base/java.lang.reflect.Method.invoke(Method.java:566)		at org.jenkinsci.plugins.gitclient.RemoteGitImpl$CommandInvocationHandler.invoke(RemoteGitImpl.java:138)		at com.sun.proxy.$Proxy181.execute(Unknown Source)		at hudson.plugins.git.GitSCM.retrieveChanges(GitSCM.java:1222)		at hudson.plugins.git.GitSCM.checkout(GitSCM.java:1305)		at org.jenkinsci.plugins.workflow.steps.scm.SCMStep.checkout(SCMStep.java:129)		at org.jenkinsci.plugins.workflow.steps.scm.SCMStep$StepExecutionImpl.run(SCMStep.java:97)		at org.jenkinsci.plugins.workflow.steps.scm.SCMStep$StepExecutionImpl.run(SCMStep.java:84)		at org.jenkinsci.plugins.workflow.steps.SynchronousNonBlockingStepExecution.lambda$start$0(SynchronousNonBlockingStepExecution.java:47)		at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515)		at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)		at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)		at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)		at java.base/java.lang.Thread.run(Thread.java:829)Also:   org.jenkinsci.plugins.workflow.actions.ErrorAction$ErrorId: 55964d83-f998-4ac1-bdfb-b2f008c16f13java.lang.IllegalStateException: Not running on the Jenkins controller JVM	at jenkins.util.JenkinsJVM.checkJenkinsJVM(JenkinsJVM.java:46)	at org.jenkinsci.plugins.credentialsbinding.masking.SecretPatterns.getAggregateSecretPattern(SecretPatterns.java:57)	at com.datapipe.jenkins.vault.log.MaskingConsoleLogFilter.lambda$decorateLogger$0(MaskingConsoleLogFilter.java:43)	at org.jenkinsci.plugins.credentialsbinding.masking.SecretPatterns$MaskingOutputStream.eol(SecretPatterns.java:93)	at hudson.console.LineTransformationOutputStream.eol(LineTransformationOutputStream.java:61)	at hudson.console.LineTransformationOutputStream.write(LineTransformationOutputStream.java:57)	at hudson.console.LineTransformationOutputStream.write(LineTransformationOutputStream.java:75)	at java.base/java.io.PrintStream.write(Unknown Source)	at java.base/sun.nio.cs.StreamEncoder.writeBytes(Unknown Source)	at java.base/sun.nio.cs.StreamEncoder.implFlushBuffer(Unknown Source)	at java.base/sun.nio.cs.StreamEncoder.flushBuffer(Unknown Source)	at java.base/java.io.OutputStreamWriter.flushBuffer(Unknown Source)	at java.base/java.io.PrintStream.newLine(Unknown Source)	at java.base/java.io.PrintStream.println(Unknown Source)	at org.jenkinsci.plugins.gitclient.CliGitAPIImpl$2.execute(CliGitAPIImpl.java:807)	at org.jenkinsci.plugins.gitclient.RemoteGitImpl$CommandInvocationHandler$GitCommandMasterToSlaveCallable.call(RemoteGitImpl.java:170)	at org.jenkinsci.plugins.gitclient.RemoteGitImpl$CommandInvocationHandler$GitCommandMasterToSlaveCallable.call(RemoteGitImpl.java:161)	at hudson.remoting.UserRequest.perform(UserRequest.java:211)	at hudson.remoting.UserRequest.perform(UserRequest.java:54)	at hudson.remoting.Request$2.run(Request.java:377)	at hudson.remoting.InterceptingExecutorService.lambda$wrap$0(InterceptingExecutorService.java:78)	at java.base/java.util.concurrent.FutureTask.run(Unknown Source)	at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)	at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)	at hudson.remoting.Engine$1.lambda$newThread$0(Engine.java:125)	at java.base/java.lang.Thread.run(Unknown Source)
Could not update commit status, please check if your scan credentials belong to a member of the organization or a collaborator of the repository and repo:status scope is selected

GitHub has been notified of this commit’s build result

Scott Watson created issue - 2023-08-09 15:49

Mark Waite made changes - 2023-08-09 17:16

Assignee

Original: Mark Waite [ markewaite ]

Scott Watson added a comment - 2023-08-09 19:54

So the problem is caused when git branch is called within the withVault block. If I move the git branch outside of the withVault block it works.

So what could be the issue with the git command running inside the withVault block?

Scott Watson added a comment - 2023-08-09 19:54 So the problem is caused when git branch is called within the withVault block. If I move the git branch outside of the withVault block it works. So what could be the issue with the git command running inside the withVault block?

Scott Watson made changes - 2023-08-09 19:59

Summary

Original: After upgrade to 2.401.3 getting remote stack trace error

New: After upgrade to 2.401.3 getting remote stack trace error when calling git branch:xxx url:xxx within withVault block

Scott Watson made changes - 2023-08-10 14:43

Priority

Original: Minor [ 4 ]

New: Blocker [ 1 ]

Anders Sigfridsson added a comment - 2023-08-11 11:19

We also have this problem, but in our case it happens when we call "tool" inside a withVault block, like this:

withVault(
    configuration: [timeout: 60, vaultCredentialId: 'jenkins-vault-app-role', vaultUrl: "https://vault.example.com:8200"],
    vaultSecrets: [[path: "secret/apps/jenkins", secretValues: [
        [envVar: 'FOO', vaultKey: 'BAR'],
        [envVar: 'BAZ', vaultKey: 'QUX']]]]) {
    def toolPath = tool "govc-v0.24.0"
}

Which results in:

Also:   org.jenkinsci.plugins.workflow.actions.ErrorAction$ErrorId: 8194a8d4-e114-420d-9b8b-32909be468c6
java.lang.IllegalStateException: Not running on the Jenkins controller JVM
	at jenkins.util.JenkinsJVM.checkJenkinsJVM(JenkinsJVM.java:46)
	at org.jenkinsci.plugins.credentialsbinding.masking.SecretPatterns.getAggregateSecretPattern(SecretPatterns.java:57)
	at com.datapipe.jenkins.vault.log.MaskingConsoleLogFilter.lambda$decorateLogger$0(MaskingConsoleLogFilter.java:43)
	at org.jenkinsci.plugins.credentialsbinding.masking.SecretPatterns$MaskingOutputStream.eol(SecretPatterns.java:93)
	at hudson.console.LineTransformationOutputStream.eol(LineTransformationOutputStream.java:61)
	at hudson.console.LineTransformationOutputStream.write(LineTransformationOutputStream.java:57)
	at hudson.console.LineTransformationOutputStream.write(LineTransformationOutputStream.java:75)
	at java.base/java.io.PrintStream.write(PrintStream.java:568)
	at java.base/sun.nio.cs.StreamEncoder.writeBytes(StreamEncoder.java:234)
	at java.base/sun.nio.cs.StreamEncoder.implFlushBuffer(StreamEncoder.java:313)
	at java.base/sun.nio.cs.StreamEncoder.flushBuffer(StreamEncoder.java:111)
	at java.base/java.io.OutputStreamWriter.flushBuffer(OutputStreamWriter.java:178)
	at java.base/java.io.PrintStream.writeln(PrintStream.java:723)
	at java.base/java.io.PrintStream.println(PrintStream.java:1051)
	at hudson.Launcher.printCommandLine(Launcher.java:817)
	at hudson.Launcher.maskedPrintCommandLine(Launcher.java:832)
	at hudson.Launcher$LocalLauncher.launch(Launcher.java:977)
	at hudson.Launcher$ProcStarter.start(Launcher.java:509)
	at hudson.Launcher$RemoteLaunchCallable.call(Launcher.java:1398)
	at hudson.Launcher$RemoteLaunchCallable.call(Launcher.java:1340)
	at hudson.remoting.UserRequest.perform(UserRequest.java:211)
	at hudson.remoting.UserRequest.perform(UserRequest.java:54)
	at hudson.remoting.Request$2.run(Request.java:377)
	at hudson.remoting.InterceptingExecutorService.lambda$wrap$0(InterceptingExecutorService.java:78)
	at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
	at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
	at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
	at java.base/java.lang.Thread.run(Thread.java:833)

I believe it might be related to a new version of credentials-binding: https://github.com/jenkinsci/credentials-binding-plugin/releases/tag/631.v861c06d062b_4

It includes PR https://github.com/jenkinsci/credentials-binding-plugin/pull/260 and in the comments there we see the exact same exception:

java.lang.IllegalStateException: Not running on the Jenkins controller JVM 
    at jenkins.util.JenkinsJVM.checkJenkinsJVM(JenkinsJVM.java:46)
    at org.jenkinsci.plugins.credentialsbinding.masking.SecretPatterns.getAggregateSecretPattern(SecretPatterns.java:57)

When we downgrade to credentials:1254.vb_96f366e7b_a_d the problem goes away.

Anders Sigfridsson added a comment - 2023-08-11 11:19 We also have this problem, but in our case it happens when we call "tool" inside a withVault block, like this: withVault( configuration: [timeout: 60, vaultCredentialId: 'jenkins-vault-app-role' , vaultUrl: "https: //vault.example.com:8200" ], vaultSecrets: [[path: "secret/apps/jenkins" , secretValues: [ [envVar: 'FOO' , vaultKey: 'BAR' ], [envVar: 'BAZ' , vaultKey: 'QUX' ]]]]) { def toolPath = tool "govc-v0.24.0" } Which results in: Also: org.jenkinsci.plugins.workflow.actions.ErrorAction$ErrorId: 8194a8d4-e114-420d-9b8b-32909be468c6 java.lang.IllegalStateException: Not running on the Jenkins controller JVM at jenkins.util.JenkinsJVM.checkJenkinsJVM(JenkinsJVM.java:46) at org.jenkinsci.plugins.credentialsbinding.masking.SecretPatterns.getAggregateSecretPattern(SecretPatterns.java:57) at com.datapipe.jenkins.vault.log.MaskingConsoleLogFilter.lambda$decorateLogger$0(MaskingConsoleLogFilter.java:43) at org.jenkinsci.plugins.credentialsbinding.masking.SecretPatterns$MaskingOutputStream.eol(SecretPatterns.java:93) at hudson.console.LineTransformationOutputStream.eol(LineTransformationOutputStream.java:61) at hudson.console.LineTransformationOutputStream.write(LineTransformationOutputStream.java:57) at hudson.console.LineTransformationOutputStream.write(LineTransformationOutputStream.java:75) at java.base/java.io.PrintStream.write(PrintStream.java:568) at java.base/sun.nio.cs.StreamEncoder.writeBytes(StreamEncoder.java:234) at java.base/sun.nio.cs.StreamEncoder.implFlushBuffer(StreamEncoder.java:313) at java.base/sun.nio.cs.StreamEncoder.flushBuffer(StreamEncoder.java:111) at java.base/java.io.OutputStreamWriter.flushBuffer(OutputStreamWriter.java:178) at java.base/java.io.PrintStream.writeln(PrintStream.java:723) at java.base/java.io.PrintStream.println(PrintStream.java:1051) at hudson.Launcher.printCommandLine(Launcher.java:817) at hudson.Launcher.maskedPrintCommandLine(Launcher.java:832) at hudson.Launcher$LocalLauncher.launch(Launcher.java:977) at hudson.Launcher$ProcStarter.start(Launcher.java:509) at hudson.Launcher$RemoteLaunchCallable.call(Launcher.java:1398) at hudson.Launcher$RemoteLaunchCallable.call(Launcher.java:1340) at hudson.remoting.UserRequest.perform(UserRequest.java:211) at hudson.remoting.UserRequest.perform(UserRequest.java:54) at hudson.remoting.Request$2.run(Request.java:377) at hudson.remoting.InterceptingExecutorService.lambda$wrap$0(InterceptingExecutorService.java:78) at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264) at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136) at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635) at java.base/java.lang. Thread .run( Thread .java:833) I believe it might be related to a new version of credentials-binding: https://github.com/jenkinsci/credentials-binding-plugin/releases/tag/631.v861c06d062b_4 It includes PR https://github.com/jenkinsci/credentials-binding-plugin/pull/260 and in the comments there we see the exact same exception: java.lang.IllegalStateException: Not running on the Jenkins controller JVM at jenkins.util.JenkinsJVM.checkJenkinsJVM(JenkinsJVM.java:46) at org.jenkinsci.plugins.credentialsbinding.masking.SecretPatterns.getAggregateSecretPattern(SecretPatterns.java:57) When we downgrade to credentials:1254.vb_96f366e7b_a_d the problem goes away.

Scott Watson added a comment - 2023-08-11 13:20

ansig thanks for the info. I actually tried to downgrade my credentials earlier but then Jenkins would not start and had to put it back. Did you downgrade something else besides credentials? I had used the advanced option and downloaded the hpi.

Scott Watson added a comment - 2023-08-11 13:20 ansig thanks for the info. I actually tried to downgrade my credentials earlier but then Jenkins would not start and had to put it back. Did you downgrade something else besides credentials? I had used the advanced option and downloaded the hpi.

Anders Sigfridsson added a comment - 2023-08-14 07:53 - edited

Sorry for the late reply rscottwatson !

We downgraded:

credentials-binding:631.v861c06d062b_4 -> credentials-binding:604.vb_64480b_c56ca_
credentials:1271.v54b_1c2c6388a_ -> credentials:1254.vb_96f366e7b_a_d

Then also had to downgrade the following since they depended on a newer credentials:

ansible:253.v4fe719ffdd8a_ -> ansible:240.vc26740a_625c0
email-ext:2.100 -> email-ext:2.99
ssh-slaves:2.916.vd17b_43357ce4 -> ssh-slaves:2.877.v365f5eb_a_b_eec
ssh-credentials:308.ve4497b_ccd8f4 -> ssh-credentials:305.v8f4381501156

Anders Sigfridsson added a comment - 2023-08-14 07:53 - edited Sorry for the late reply rscottwatson ! We downgraded: credentials-binding:631.v861c06d062b_4 -> credentials-binding:604.vb_64480b_c56ca_ credentials:1271.v54b_1c2c6388a_ -> credentials:1254.vb_96f366e7b_a_d Then also had to downgrade the following since they depended on a newer credentials: ansible:253.v4fe719ffdd8a_ -> ansible:240.vc26740a_625c0 email-ext:2.100 -> email-ext:2.99 ssh-slaves:2.916.vd17b_43357ce4 -> ssh-slaves:2.877.v365f5eb_a_b_eec ssh-credentials:308.ve4497b_ccd8f4 -> ssh-credentials:305.v8f4381501156

Scott Watson added a comment - 2023-08-14 18:30

ansig Thank you so much for taking the time to post your answer. This has got me up and running again. It has been a few very stressful days. For anyone else reading this I also had to downgrade email-ext from version 2.100 to 2.99.

THANK YOU!!

Scott Watson added a comment - 2023-08-14 18:30 ansig Thank you so much for taking the time to post your answer. This has got me up and running again. It has been a few very stressful days. For anyone else reading this I also had to downgrade email-ext from version 2.100 to 2.99. THANK YOU!!

Caleb added a comment - 2023-08-14 20:22 - edited

I was also hitting this same issue on our instance and downgrading the email-ext plugin solved our issue too, thanks a million ansig and rscottwatson!

Caleb added a comment - 2023-08-14 20:22 - edited I was also hitting this same issue on our instance and downgrading the email-ext plugin solved our issue too, thanks a million ansig and rscottwatson !

Assignee:: Joseph Petersen

Reporter:: Scott Watson

Votes:: 0 Vote for this issue

Watchers:: 6 Start watching this issue

Created:: 2023-08-09 15:49

Updated:: 2023-09-11 11:11

Resolved:: 2023-09-11 11:11

Jenkins

Details

Description

Attachments

Activity

Collapse comment: Scott Watson added a comment - 2023-08-09 19:54

Expand comment: Scott Watson added a comment - 2023-08-09 19:54

Collapse comment: Anders Sigfridsson added a comment - 2023-08-11 11:19

Expand comment: Anders Sigfridsson added a comment - 2023-08-11 11:19

Collapse comment: Scott Watson added a comment - 2023-08-11 13:20

Expand comment: Scott Watson added a comment - 2023-08-11 13:20

Collapse comment: Anders Sigfridsson added a comment - 2023-08-14 07:53, Edited by Anders Sigfridsson - 2023-08-14 07:54

Expand comment: Anders Sigfridsson added a comment - 2023-08-14 07:53, Edited by Anders Sigfridsson - 2023-08-14 07:54

Collapse comment: Scott Watson added a comment - 2023-08-14 18:30

Expand comment: Scott Watson added a comment - 2023-08-14 18:30

Collapse comment: Caleb added a comment - 2023-08-14 20:22, Edited by Caleb - 2023-08-14 20:22

Expand comment: Caleb added a comment - 2023-08-14 20:22, Edited by Caleb - 2023-08-14 20:22

People

Dates