Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-71966

Blue ocean and kubernetes stack trace with Jenkins 2.387.3 and snakeyaml 2.2

    • Icon: Bug Bug
    • Resolution: Won't Fix
    • Icon: Minor Minor
    • None

      When I install the suggested plugins from the Jenkins 2.387.3 setup wizard and then install the blue ocean plugin, Jenkins reports a stack trace on startup. The stack trace is:

      2023-09-05 00:56:56.020+0000 [id=35]    WARNING hudson.ExtensionFinder$Sezpoz#scout: Failed to scout io.jenkins.blueocean.service.embedded.analytics.BrowserAndOperatingSystemAnalyticsProperties
      java.lang.NoSuchMethodError: org.yaml.snakeyaml.constructor.SafeConstructor: method 'void <init>()' not found
              at ua_parser.Parser.initialize(Parser.java:80)
              at ua_parser.Parser.<init>(Parser.java:45)
              at io.jenkins.blueocean.service.embedded.analytics.BrowserAndOperatingSystemAnalyticsProperties.<clinit>(BrowserAndOperatingSystemAnalyticsProperties.java:19)
              at java.base/java.lang.Class.forName0(Native Method)
              at java.base/java.lang.Class.forName(Class.java:398)
              at hudson.ExtensionFinder$Sezpoz.scout(ExtensionFinder.java:769)
              at hudson.ClassicPluginStrategy.findComponents(ClassicPluginStrategy.java:353)
              at hudson.ExtensionList.load(ExtensionList.java:384)
              at hudson.ExtensionList.ensureLoaded(ExtensionList.java:320)
              at hudson.ExtensionList.getComponents(ExtensionList.java:184)
              at jenkins.model.Jenkins$6.onInitMilestoneAttained(Jenkins.java:1196)
              at jenkins.InitReactorRunner$1.onAttained(InitReactorRunner.java:88)
              at org.jvnet.hudson.reactor.ReactorListener$Aggregator.lambda$onAttained$3(ReactorListener.java:108)
              at org.jvnet.hudson.reactor.ReactorListener$Aggregator.run(ReactorListener.java:116)
              at org.jvnet.hudson.reactor.ReactorListener$Aggregator.onAttained(ReactorListener.java:108)
              at org.jvnet.hudson.reactor.Reactor$1.run(Reactor.java:182)at org.jvnet.hudson.reactor.Reactor$Node.run(Reactor.java:120)
              at jenkins.security.ImpersonatingExecutorService$1.run(ImpersonatingExecutorService.java:68)
              at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
              at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
              at java.base/java.lang.Thread.run(Thread.java:829)
      

      A stack trace is expected from the kubernetes 4007.v633279962016 plugin when installed with Jenkins 2.387.3 and snakeyaml api plugin 2.2-111.vc6598e30cc65. I've not been able to create a scenario with the kubernetes plugin, but the automated tests show the following stack trace:

      java.lang.NoSuchMethodError: org.yaml.snakeyaml.constructor.SafeConstructor: method 'void <init>()' not found
      	at io.fabric8.kubernetes.client.utils.Serialization.unmarshal(Serialization.java:256)
      	at io.fabric8.kubernetes.client.utils.Serialization.unmarshal(Serialization.java:387)
      	at io.fabric8.kubernetes.client.utils.Serialization.unmarshal(Serialization.java:353)
      	at io.fabric8.kubernetes.client.utils.Serialization.unmarshal(Serialization.java:337)
      	at io.fabric8.kubernetes.client.dsl.internal.OperationSupport.unmarshal(OperationSupport.java:753)
      	at io.fabric8.kubernetes.client.dsl.internal.BaseOperation.load(BaseOperation.java:261)
      	at io.fabric8.kubernetes.client.dsl.internal.BaseOperation.load(BaseOperation.java:93)
      	at org.csanchez.jenkins.plugins.kubernetes.PodTemplateUtils.parseFromYaml(PodTemplateUtils.java:610)
      	at java.base/java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:195)
      	at java.base/java.util.ArrayList$ArrayListSpliterator.forEachRemaining(ArrayList.java:1655)
      	at java.base/java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:484)
      	at java.base/java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:474)
      	at java.base/java.util.stream.ReduceOps$ReduceOp.evaluateSequential(ReduceOps.java:913)
      	at java.base/java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234)
      	at java.base/java.util.stream.ReferencePipeline.collect(ReferencePipeline.java:578)
      	at org.csanchez.jenkins.plugins.kubernetes.pod.yaml.Merge.merge(Merge.java:25)
      	at org.csanchez.jenkins.plugins.kubernetes.PodTemplate.getYamlsPod(PodTemplate.java:201)
      	at org.csanchez.jenkins.plugins.kubernetes.PodTemplateBuilder.build(PodTemplateBuilder.java:297)
      	at org.csanchez.jenkins.plugins.kubernetes.PodTemplateBuilderTest.yamlOverrideSecurityContext(PodTemplateBuilderTest.java:817)
      	at java.base/java.lang.reflect.Method.invoke(Method.java:566)
      	at org.mockito.internal.junit.JUnitSessionStore$1.evaluateSafely(JUnitSessionStore.java:55)
      	at org.mockito.internal.junit.JUnitSessionStore$1.evaluate(JUnitSessionStore.java:43)
      	at org.jvnet.hudson.test.JenkinsRule$1.evaluate(JenkinsRule.java:607)
      	at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
      	at java.base/java.lang.Thread.run(Thread.java:829)
      

      Workarounds

      The issue can be avoided by choosing to not upgrade the snakeyaml plugin to 2.2.

      The issue can also be avoided by upgrading from Jenkins 2.387.3 to Jenkins 2.401.3 or Jenkins 2.414.1 and upgrading the blue ocean plugins. An updated blue ocean plugin (1.27.6) is available for Jenkins 2.401.3 with support for snakeyaml 2.2

      History

      This failure was originally detected in the Jenkins plugin bill of materials as part of a full test.

      Steps to duplicate the issue:

      1. Create a plugins.txt with the list of plugin versions to be installed
      2. Create a run-jenkins.sh shell script to download Jenkins 2.387.3 and the plugins
      3. Run the run-jenkins.sh shell script
      4. Complete the setup wizard by creating a user and choosing to install no additional plugins
      5. Confirm that the stack trace is not visible in the Jenkins console output
      6. Use the plugin manager page to upgrade the snakeyaml plugin to snakeyaml 2.2
      7. Restart Jenkins and confirm that the stack trace is now reported as listed above

          [JENKINS-71966] Blue ocean and kubernetes stack trace with Jenkins 2.387.3 and snakeyaml 2.2

          Mark Waite added a comment - - edited

          Blue ocean 1.27.5.1 is compatible with Jenkins 2.387.3 and can be installed on Jenkins 2.387.3 from the plugin manager. It doesn't include the support for snakeyaml 2.2. However, the snakeyaml 2.2 plugin is allowed to be installed on 2.387.3 because that meets its requirements for minimum Jenkins version.

          Blue ocean 1.27.6 requires Jenkins 2.401.3 or newer and includes support for snakeyaml 2.2.

          I'm not sure of the best way to handle the change. A backport to create 1.27.5.2 would be one way to resolve it. I suspect there are other ways to handle it as well.

          Mark Waite added a comment - - edited Blue ocean 1.27.5.1 is compatible with Jenkins 2.387.3 and can be installed on Jenkins 2.387.3 from the plugin manager. It doesn't include the support for snakeyaml 2.2. However, the snakeyaml 2.2 plugin is allowed to be installed on 2.387.3 because that meets its requirements for minimum Jenkins version. Blue ocean 1.27.6 requires Jenkins 2.401.3 or newer and includes support for snakeyaml 2.2. I'm not sure of the best way to handle the change. A backport to create 1.27.5.2 would be one way to resolve it. I suspect there are other ways to handle it as well.

          James Nord added a comment - - edited

          > I'm not sure of the best way to handle the change

          well we could bump the baseline of snakeyaml in a 2.3 so it would not be installable as an update to prevent other users on outdated jenkins versions from hitting the issue - it would however would not fix those that already installed.

          Also there is no need for an API plugin to depend on latest Jenkins versions - I would always argue and API plugin should target a lower Jenkins (without dragging in detached dependencies) where it can without introducing unnecessary tech-debt.

          Additionally it is a dependency of other plugins that are targetting lower versions, so that would cause issues for users installing old versions of Jenkins as the plugin dep would not e satisfiable (IIUC how the OSS UC works)?

          > backport to create 1.27.5.2 would be one way to resolve

          and then you need to backport other things also that are incompatible and have moved on. (k8s?)

          There is no difference really here in any plugin (api or otherwise) with a breaking change and plugin dependencies. `2.387` is not supported by the community - it is 2 LTS lines out of date and has security issues.

          either downgrade snakeyaml (it is not needed to be on 2.2 for any security issue) - or upgrade Jenkins and plugins.

          James Nord added a comment - - edited > I'm not sure of the best way to handle the change well we could bump the baseline of snakeyaml in a 2.3 so it would not be installable as an update to prevent other users on outdated jenkins versions from hitting the issue - it would however would not fix those that already installed. Also there is no need for an API plugin to depend on latest Jenkins versions - I would always argue and API plugin should target a lower Jenkins (without dragging in detached dependencies) where it can without introducing unnecessary tech-debt. Additionally it is a dependency of other plugins that are targetting lower versions, so that would cause issues for users installing old versions of Jenkins as the plugin dep would not e satisfiable (IIUC how the OSS UC works)? > backport to create 1.27.5.2 would be one way to resolve and then you need to backport other things also that are incompatible and have moved on. (k8s?) There is no difference really here in any plugin (api or otherwise) with a breaking change and plugin dependencies. `2.387` is not supported by the community - it is 2 LTS lines out of date and has security issues. either downgrade snakeyaml (it is not needed to be on 2.2 for any security issue) - or upgrade Jenkins and plugins.

          Mark Waite added a comment -

          Users of the blue ocean plugins on Jenkins 2.387.3 will also need to avoid installing the most recent update of the configuration as code plugin, since it will install snakeyaml api plugin 2.2

          Mark Waite added a comment - Users of the blue ocean plugins on Jenkins 2.387.3 will also need to avoid installing the most recent update of the configuration as code plugin, since it will install snakeyaml api plugin 2.2

          Mark Waite added a comment -

          either downgrade snakeyaml (it is not needed to be on 2.2 for any security issue) - or upgrade Jenkins and plugins.

          I agree. I think those are the viable options for users running the blue ocean plugins and Jenkins 2.387.3. They need to either remain at snakeyaml API plugin 1.33 or they need to upgrade their Jenkins controller and plugins to a newer version like 2.401.3 or 2.414.1

          I believe that the same scenario can be seen with the kubernetes plugin as indicated by the tests in the plugin bill of materials. I haven't found a way to generate the error message with the kubernetes plugin in a simple case, but the automated tests of the kubernetes plugin show the error when run with Jenkins 2.387.3, kubernetes plugin 4007.v633279962016, and snakeyaml api plugin 2.2-111.vc6598e30cc65.

          I believe the same solution applies to the kubernetes plugin, either upgrade the Jenkins controller, the kubernetes plugin, and the snakeyaml plugin, or do not install the snakeyaml API plugin 2.2 on the Jenkins 2.387.3 controller.

          Mark Waite added a comment - either downgrade snakeyaml (it is not needed to be on 2.2 for any security issue) - or upgrade Jenkins and plugins. I agree. I think those are the viable options for users running the blue ocean plugins and Jenkins 2.387.3. They need to either remain at snakeyaml API plugin 1.33 or they need to upgrade their Jenkins controller and plugins to a newer version like 2.401.3 or 2.414.1 I believe that the same scenario can be seen with the kubernetes plugin as indicated by the tests in the plugin bill of materials . I haven't found a way to generate the error message with the kubernetes plugin in a simple case, but the automated tests of the kubernetes plugin show the error when run with Jenkins 2.387.3, kubernetes plugin 4007.v633279962016, and snakeyaml api plugin 2.2-111.vc6598e30cc65. I believe the same solution applies to the kubernetes plugin, either upgrade the Jenkins controller, the kubernetes plugin, and the snakeyaml plugin, or do not install the snakeyaml API plugin 2.2 on the Jenkins 2.387.3 controller.

          Mark Waite added a comment -

          No code change is expected to resolve this. Users of Jenkins 2.387.3 are advised to either upgrade to Jenkins 2.414.1 or to choose to not upgrade to SnakeYAML API plugin 2.2.

          Mark Waite added a comment - No code change is expected to resolve this. Users of Jenkins 2.387.3 are advised to either upgrade to Jenkins 2.414.1 or to choose to not upgrade to SnakeYAML API plugin 2.2.

          Fred G added a comment -

          As a data point, I see the following stack trace after upgrading the snakeyaml api plugin to version 2.2 on Jenkins LTS 2.387.3 with Kubernetes plugin 4007.v633279962016:

           

          java.lang.NoSuchMethodError: org/yaml/snakeyaml/constructor/SafeConstructor.<init>()V (loaded from file:/var/cache/jenkins/plugins/snakeyaml-api/WEB-INF/lib/snakeyaml-2.2.jar by jenkins.util.URLClassLoader2@5c2a670a) called from class io.fabric8.kubernetes.client.utils.Serialization (loaded from file:/var/cache/jenkins/plugins/kubernetes-client-api/WEB-INF/lib/kubernetes-client-api-6.4.1.jar by jenkins.util.URLClassLoader2@b73f4d33).
              at io.fabric8.kubernetes.client.utils.Serialization.unmarshal(Serialization.java:256)
              at io.fabric8.kubernetes.client.utils.Serialization.unmarshal(Serialization.java:387)
              at io.fabric8.kubernetes.client.utils.Serialization.unmarshal(Serialization.java:353)
              at io.fabric8.kubernetes.client.utils.Serialization.unmarshal(Serialization.java:337)
              at io.fabric8.kubernetes.client.dsl.internal.OperationSupport.unmarshal(OperationSupport.java:753)
              at io.fabric8.kubernetes.client.dsl.internal.BaseOperation.load(BaseOperation.java:261)
              at io.fabric8.kubernetes.client.dsl.internal.BaseOperation.load(BaseOperation.java:93)
              at org.csanchez.jenkins.plugins.kubernetes.PodTemplateUtils.parseFromYaml(PodTemplateUtils.java:610)
              at org.csanchez.jenkins.plugins.kubernetes.pod.yaml.Overrides.merge(Overrides.java:26)
              at org.csanchez.jenkins.plugins.kubernetes.PodTemplate.getYamlsPod(PodTemplate.java:201)
              at org.csanchez.jenkins.plugins.kubernetes.PodTemplateBuilder.build(PodTemplateBuilder.java:297)
              at org.csanchez.jenkins.plugins.kubernetes.PodTemplate.build(PodTemplate.java:919)
              at org.csanchez.jenkins.plugins.kubernetes.KubernetesLauncher.launch(KubernetesLauncher.java:119)
              at hudson.slaves.SlaveComputer.lambda$_connect$0(SlaveComputer.java:298)
              at jenkins.util.ContextResettingExecutorService$2.call(ContextResettingExecutorService.java:46)
              at jenkins.security.ImpersonatingExecutorService$2.call(ImpersonatingExecutorService.java:80)
              at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
              at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
              at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
              at java.base/java.lang.Thread.run(Thread.java:839) 

          While I understand that Jenkins 2.387.3 is outdated and snakeyaml plugin can be downgraded, I would have expected that the snakeyaml plugin version 2.2 would have had a higher minimal required Jenkins version to avoid such a breakage. At the very least, I would expect a note in the snakeyaml release notes that gives an indication of possible breakage with older Jenkins versions, especially since the snakeyaml plugin did a mayor release.

           

          Fred G added a comment - As a data point, I see the following stack trace after upgrading the snakeyaml api plugin to version 2.2 on Jenkins LTS 2.387.3 with Kubernetes plugin 4007.v633279962016:   java.lang.NoSuchMethodError: org/yaml/snakeyaml/constructor/SafeConstructor.<init>()V (loaded from file:/ var /cache/jenkins/plugins/snakeyaml-api/WEB-INF/lib/snakeyaml-2.2.jar by jenkins.util.URLClassLoader2@5c2a670a) called from class io.fabric8.kubernetes.client.utils.Serialization (loaded from file:/ var /cache/jenkins/plugins/kubernetes-client-api/WEB-INF/lib/kubernetes-client-api-6.4.1.jar by jenkins.util.URLClassLoader2@b73f4d33).     at io.fabric8.kubernetes.client.utils.Serialization.unmarshal(Serialization.java:256)     at io.fabric8.kubernetes.client.utils.Serialization.unmarshal(Serialization.java:387)     at io.fabric8.kubernetes.client.utils.Serialization.unmarshal(Serialization.java:353)     at io.fabric8.kubernetes.client.utils.Serialization.unmarshal(Serialization.java:337)     at io.fabric8.kubernetes.client.dsl.internal.OperationSupport.unmarshal(OperationSupport.java:753)     at io.fabric8.kubernetes.client.dsl.internal.BaseOperation.load(BaseOperation.java:261)     at io.fabric8.kubernetes.client.dsl.internal.BaseOperation.load(BaseOperation.java:93)     at org.csanchez.jenkins.plugins.kubernetes.PodTemplateUtils.parseFromYaml(PodTemplateUtils.java:610)     at org.csanchez.jenkins.plugins.kubernetes.pod.yaml.Overrides.merge(Overrides.java:26)     at org.csanchez.jenkins.plugins.kubernetes.PodTemplate.getYamlsPod(PodTemplate.java:201)     at org.csanchez.jenkins.plugins.kubernetes.PodTemplateBuilder.build(PodTemplateBuilder.java:297)     at org.csanchez.jenkins.plugins.kubernetes.PodTemplate.build(PodTemplate.java:919)     at org.csanchez.jenkins.plugins.kubernetes.KubernetesLauncher.launch(KubernetesLauncher.java:119)     at hudson.slaves.SlaveComputer.lambda$_connect$0(SlaveComputer.java:298)     at jenkins.util.ContextResettingExecutorService$2.call(ContextResettingExecutorService.java:46)     at jenkins.security.ImpersonatingExecutorService$2.call(ImpersonatingExecutorService.java:80)     at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)     at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)     at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)     at java.base/java.lang. Thread .run( Thread .java:839) While I understand that Jenkins 2.387.3 is outdated and snakeyaml plugin can be downgraded, I would have expected that the snakeyaml plugin version 2.2 would have had a higher minimal required Jenkins version to avoid such a breakage. At the very least, I would expect a note in the snakeyaml release notes that gives an indication of possible breakage with older Jenkins versions, especially since the snakeyaml plugin did a mayor release.  

          Fred G added a comment - - edited

          Whoever fixed the snakeyaml release notes a few minutes after my last comment: thank you!

          It's much appreciated and potentially saves the next victim a lot of time while digging for the root cause.

          Fred G added a comment - - edited Whoever fixed the snakeyaml release notes a few minutes after my last comment: thank you! It's much appreciated and potentially saves the next victim a lot of time while digging for the root cause.

          Pipeline Utility Steps plugin prior to 2.15.4 is also affected:

           java.lang.NoSuchMethodError: org.yaml.snakeyaml.constructor.SafeConstructor: method 'void <init>()' not found
               at org.jenkinsci.plugins.pipeline.utility.steps.conf.ReadYamlStep$Execution.newYaml(ReadYamlStep.java:238)
               at org.jenkinsci.plugins.pipeline.utility.steps.conf.ReadYamlStep$Execution.doRun(ReadYamlStep.java:201)
               at org.jenkinsci.plugins.pipeline.utility.steps.AbstractFileOrTextStepExecution.run(AbstractFileOrTextStepExecution.java:29)
               at org.jenkinsci.plugins.workflow.steps.SynchronousNonBlockingStepExecution.lambda$start$0(SynchronousNonBlockingStepExecution.java:47)
               at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515)
               at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
               at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
               at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
               at java.base/java.lang.Thread.run(Thread.java:829)

          Dirk Heinrichs added a comment - Pipeline Utility Steps plugin prior to 2.15.4 is also affected: java.lang.NoSuchMethodError: org.yaml.snakeyaml.constructor.SafeConstructor: method 'void <init>()' not found      at org.jenkinsci.plugins.pipeline.utility.steps.conf.ReadYamlStep$Execution.newYaml(ReadYamlStep.java:238)      at org.jenkinsci.plugins.pipeline.utility.steps.conf.ReadYamlStep$Execution.doRun(ReadYamlStep.java:201)      at org.jenkinsci.plugins.pipeline.utility.steps.AbstractFileOrTextStepExecution.run(AbstractFileOrTextStepExecution.java:29)      at org.jenkinsci.plugins.workflow.steps.SynchronousNonBlockingStepExecution.lambda$start$0(SynchronousNonBlockingStepExecution.java:47)      at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515)      at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)      at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)      at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)      at java.base/java.lang. Thread .run( Thread .java:829)

          muddukrishna added a comment -

          I have Jenkins v2.426.3 and snakeyaml 2.2 plugin still getting this issue.  

          can not downgrade snakeyaml as jackson-api has a dependency and the same goes to jackson-api it depended by some other plugin. 

          how to resolve this?

           

          muddukrishna added a comment - I have Jenkins v2.426.3 and snakeyaml 2.2 plugin still getting this issue.   can not downgrade snakeyaml as jackson-api has a dependency and the same goes to jackson-api it depended by some other plugin.  how to resolve this?  

          Mark Waite added a comment -

          how to resolve this?

          Upgrade all the plugins in your installation. When you choose to upgrade only some of the plugins in your installation, you are choosing to create a less frequently tested configuration. The most active Jenkins users generally upgrade all their plugins to the most recent releases when they upgrade any plugin.

          Mark Waite added a comment - how to resolve this? Upgrade all the plugins in your installation. When you choose to upgrade only some of the plugins in your installation, you are choosing to create a less frequently tested configuration. The most active Jenkins users generally upgrade all their plugins to the most recent releases when they upgrade any plugin.

            escoem Emilio Escobar
            markewaite Mark Waite
            Votes:
            0 Vote for this issue
            Watchers:
            7 Start watching this issue

              Created:
              Updated:
              Resolved: