Hi,
I have a Jenkins instance running (2.230, also I have tested LTS) on a
Docker container using only HTTPS with self-signed certificates, in the
same network I start an SSH Build Agent and a JNLP Agent, the SSH Build
agent connects
without issues, but the JNLP gives me an error I dunno what it is related,
it said that the X-Instance-Identity is invalid, there is no proxy or
anything else in between and the X-Instance-Identity is there so I dunno,
why Jenkins said, is invalid, Do anyone see something similar or know what
is this error about?
This is the Agent config
<slave>
<name>
jnlp-agent
</name>
<remoteFS>
/home/jenkins
</remoteFS>
<numExecutors>
2
</numExecutors>
<mode>
NORMAL
</mode>
<launcher class="hudson.slaves.JNLPLauncher">
<workDirSettings>
<disabled>
false
</disabled>
<workDirPath>
/home/jenkins
</workDirPath>
<internalDir>
remoting
</internalDir>
<failIfWorkDirIsMissing>
false
</failIfWorkDirIsMissing>
</workDirSettings>
<webSocket>
false
</webSocket>
</launcher>
<label>
jnlp linux
</label>
<nodeProperties/>
</slave>
These are the commands I use to launch the Jenkins instance
printf "[dn]\nCN=localhost\n[req]\ndistinguished_name =
dn\n[EXT]\nsubjectAltName=DNS:localhost\nkeyUsage=digitalSignature\nextendedKeyUsage=serverAuth"
> domain.ext
openssl req \
-newkey rsa:2048 -nodes -sha256 -keyout domain_private.key \
-x509 -days 365 -out domain.crt \
-subj '/CN=localhost' -extensions EXT -config domain.ext
openssl rsa -in domain_private.key -out domain.key
docker run \
-e JENKINS_OPTS="--httpPort=-1 --httpsPort=9443
--httpsCertificate=/var/lib/jenkins/cert
--httpsPrivateKey=/var/lib/jenkins/pk"
--name jenkins \
--rm \
-p 9443:9443 \
-v jenkins_home:/var/jenkins_home \
--network net \
jenkins/jenkins-tls:2.230
An this is the command used to launch eht Agent
docker run --name jnlp-agent -it --rm --network net jenkins/jnlp-slave
-disableHttpsCertValidation -credentials jenkins:"SuP3rP4ssw0rd" -url
https://jenkins:9443/computer/jnlp-agent/slave-agent.jnlp
224a6accfb5b9728e3db3dfc43ae8d2d986b24c09b2d8701497ca13c474d3dde jnlp-agent
Apr 11, 2020 11:36:59 AM hudson.remoting.jnlp.Main createEngine
INFO: Setting up agent: jnlp-agent
Apr 11, 2020 11:36:59 AM hudson.remoting.jnlp.Main$CuiListener <init>
INFO: Jenkins agent is running in headless mode.
Apr 11, 2020 11:36:59 AM hudson.remoting.jnlp.Main createEngine
WARNING: Certificate validation for HTTPs endpoints is disabled
Apr 11, 2020 11:37:00 AM hudson.remoting.Engine startEngine
INFO: Using Remoting version: 4.3
Apr 11, 2020 11:37:00 AM hudson.remoting.Engine startEngine
WARNING: No Working Directory. Using the legacy JAR Cache location:
/home/jenkins/.jenkins/cache/jars
Apr 11, 2020 11:37:00 AM hudson.remoting.jnlp.Main$CuiListener status
INFO: Locating server among
[https://jenkins:9443/computer/jnlp-agent/slave-agent.jnlp]
Apr 11, 2020 11:37:00 AM
org.jenkinsci.remoting.engine.JnlpAgentEndpointResolver openURLConnection
WARNING: HTTPs certificate check is disabled for the endpoint.
Apr 11, 2020 11:37:00 AM hudson.remoting.jnlp.Main$CuiListener error
SEVERE:
https://jenkins:9443/computer/jnlp-agent/slave-agent.jnlp/tcpSlaveAgentListener/
appears to be publishing an invalid X-Instance-Identity.
java.io.IOException:
https://jenkins:9443/computer/jnlp-agent/slave-agent.jnlp/tcpSlaveAgentListener/
appears to be publishing an invalid X-Instance-Identity.
at
org.jenkinsci.remoting.engine.JnlpAgentEndpointResolver.resolve(JnlpAgentEndpointResolver.java:287)
at hudson.remoting.Engine.innerRun(Engine.java:693)
at hudson.remoting.Engine.run(Engine.java:518)
So I've changed to try to use direct connect without luck
JENKINS_INSTANCE_IDENTITY=$(curl -sfkI https://localhost:9443 | grep
X-Instance-Identity | cut -d\ -f2)
echo ${JENKINS_INSTANCE_IDENTITY}
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAijph9cC+d2brNUMc+wE8Y3ZUvByXYIDZzJpAL37x6juBmwTGKPhOhCmmal/Lm5dTMAF1IWnZyOlMnLPrcPm4ifbhOS11Azpk/3lIH+DrK0ypXqVgYRf9ovLF7ZFRvNZovr6eMHXql4pK5wzgFQGM0ZcP6WwaWfKAma3ekqFLz986WvNBsQ4r7C5sxPZLYiSBuBiy+8bMSzzfd6S7FbpWG3RMJjXckw5mG4jDmLkMSfdhLrTsTKQbcPgPrbSJlZdZRUW5SdxsFF0oxuhhNibUkNgDcDQ3UEHVVVM2H7g1ul3gzOThX6mXf6Hm/YUCNmIGlQIb/siOQe5mxcYxxl/VAQIDAQAB
docker run --name jnlp-agent -it --rm --network net jenkins/jnlp-slave
-disableHttpsCertValidation -credentials jenkins:"SuP3rP4ssw0rd"
-instanceIdentity ${JENKINS_INSTANCE_IDENTITY} -direct jenkins:9443
224a6accfb5b9728e3db3dfc43ae8d2d986b24c09b2d8701497ca13c474d3dde jnlp-agent
Apr 11, 2020 11:45:28 AM hudson.remoting.jnlp.Main createEngine
INFO: Setting up agent: jnlp-agent
Apr 11, 2020 11:45:29 AM hudson.remoting.jnlp.Main$CuiListener <init>
INFO: Jenkins agent is running in headless mode.
Apr 11, 2020 11:45:29 AM hudson.remoting.jnlp.Main createEngine
WARNING: Certificate validation for HTTPs endpoints is disabled
Apr 11, 2020 11:45:29 AM hudson.remoting.Engine startEngine
INFO: Using Remoting version: 4.3
Apr 11, 2020 11:45:29 AM hudson.remoting.Engine startEngine
WARNING: No Working Directory. Using the legacy JAR Cache location:
/home/jenkins/.jenkins/cache/jars
Apr 11, 2020 11:45:29 AM hudson.remoting.jnlp.Main$CuiListener status
INFO: Locating server among []
Apr 11, 2020 11:45:29 AM hudson.remoting.jnlp.Main$CuiListener error
SEVERE: Illegal base64 character d
java.lang.IllegalArgumentException: Illegal base64 character d
at java.util.Base64$Decoder.decode0(Base64.java:714)
at java.util.Base64$Decoder.decode(Base64.java:526)
at java.util.Base64$Decoder.decode(Base64.java:549)
at
org.jenkinsci.remoting.engine.JnlpEndpointResolver.getIdentity(JnlpEndpointResolver.java:43)
at
org.jenkinsci.remoting.engine.JnlpAgentEndpointConfigurator.resolve(JnlpAgentEndpointConfigurator.java:51)
at hudson.remoting.Engine.innerRun(Engine.java:693)
at hudson.remoting.Engine.run(Engine.java:518)
--
You received this message because you are subscribed to the Google Groups
"Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/jenkinsci-users/aadc51f3-426c-4cd3-b538-ffd228309bd3%40googlegroups.com.
