Hi,

I have a Jenkins instance running (2.230, also I have tested LTS) on a 
Docker container using only HTTPS with self-signed certificates, in the 
same network I start an SSH Build Agent and a JNLP Agent, the SSH Build 
agent connects
without issues, but the JNLP gives me an error I dunno what it is related, 
it said that the X-Instance-Identity is invalid, there is no proxy or 
anything else in between and the X-Instance-Identity is there so I dunno, 
why Jenkins said, is invalid, Do anyone see something similar or know what 
is this error about?

This is the Agent config

<slave>
<name>
jnlp-agent
</name>
<remoteFS>
/home/jenkins
</remoteFS>
<numExecutors>
2
</numExecutors>
<mode>
NORMAL
</mode>
<launcher class="hudson.slaves.JNLPLauncher">
<workDirSettings>
<disabled>
false
</disabled>
<workDirPath>
/home/jenkins
</workDirPath>
<internalDir>
remoting
</internalDir>
<failIfWorkDirIsMissing>
false
</failIfWorkDirIsMissing>
</workDirSettings>
<webSocket>
false
</webSocket>
</launcher>
<label>
jnlp linux
</label>
<nodeProperties/>
</slave>


These are the commands I use to launch the Jenkins instance

printf "[dn]\nCN=localhost\n[req]\ndistinguished_name = 
dn\n[EXT]\nsubjectAltName=DNS:localhost\nkeyUsage=digitalSignature\nextendedKeyUsage=serverAuth"
 
> domain.ext

openssl req \

    -newkey rsa:2048 -nodes -sha256 -keyout domain_private.key \

    -x509 -days 365 -out domain.crt \

    -subj '/CN=localhost' -extensions EXT -config domain.ext

openssl rsa -in domain_private.key -out domain.key


docker run \

    -e JENKINS_OPTS="--httpPort=-1 --httpsPort=9443 
--httpsCertificate=/var/lib/jenkins/cert 
--httpsPrivateKey=/var/lib/jenkins/pk"

    --name jenkins \

    --rm \

    -p 9443:9443 \

    -v jenkins_home:/var/jenkins_home \

    --network net \

    jenkins/jenkins-tls:2.230



An this is the command used to launch eht Agent

docker run --name jnlp-agent -it --rm --network net jenkins/jnlp-slave 
-disableHttpsCertValidation -credentials jenkins:"SuP3rP4ssw0rd" -url 
https://jenkins:9443/computer/jnlp-agent/slave-agent.jnlp 
224a6accfb5b9728e3db3dfc43ae8d2d986b24c09b2d8701497ca13c474d3dde jnlp-agent 

Apr 11, 2020 11:36:59 AM hudson.remoting.jnlp.Main createEngine

INFO: Setting up agent: jnlp-agent

Apr 11, 2020 11:36:59 AM hudson.remoting.jnlp.Main$CuiListener <init>

INFO: Jenkins agent is running in headless mode.

Apr 11, 2020 11:36:59 AM hudson.remoting.jnlp.Main createEngine

WARNING: Certificate validation for HTTPs endpoints is disabled

Apr 11, 2020 11:37:00 AM hudson.remoting.Engine startEngine

INFO: Using Remoting version: 4.3

Apr 11, 2020 11:37:00 AM hudson.remoting.Engine startEngine

WARNING: No Working Directory. Using the legacy JAR Cache location: 
/home/jenkins/.jenkins/cache/jars

Apr 11, 2020 11:37:00 AM hudson.remoting.jnlp.Main$CuiListener status

INFO: Locating server among 
[https://jenkins:9443/computer/jnlp-agent/slave-agent.jnlp]

Apr 11, 2020 11:37:00 AM 
org.jenkinsci.remoting.engine.JnlpAgentEndpointResolver openURLConnection

WARNING: HTTPs certificate check is disabled for the endpoint.

Apr 11, 2020 11:37:00 AM hudson.remoting.jnlp.Main$CuiListener error

SEVERE: 
https://jenkins:9443/computer/jnlp-agent/slave-agent.jnlp/tcpSlaveAgentListener/
 
appears to be publishing an invalid X-Instance-Identity.

java.io.IOException: 
https://jenkins:9443/computer/jnlp-agent/slave-agent.jnlp/tcpSlaveAgentListener/
 
appears to be publishing an invalid X-Instance-Identity.

at 
org.jenkinsci.remoting.engine.JnlpAgentEndpointResolver.resolve(JnlpAgentEndpointResolver.java:287)

at hudson.remoting.Engine.innerRun(Engine.java:693)

at hudson.remoting.Engine.run(Engine.java:518)

So I've changed to try to use direct connect without luck 

JENKINS_INSTANCE_IDENTITY=$(curl -sfkI https://localhost:9443 | grep 
X-Instance-Identity | cut -d\  -f2)


echo ${JENKINS_INSTANCE_IDENTITY}

MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAijph9cC+d2brNUMc+wE8Y3ZUvByXYIDZzJpAL37x6juBmwTGKPhOhCmmal/Lm5dTMAF1IWnZyOlMnLPrcPm4ifbhOS11Azpk/3lIH+DrK0ypXqVgYRf9ovLF7ZFRvNZovr6eMHXql4pK5wzgFQGM0ZcP6WwaWfKAma3ekqFLz986WvNBsQ4r7C5sxPZLYiSBuBiy+8bMSzzfd6S7FbpWG3RMJjXckw5mG4jDmLkMSfdhLrTsTKQbcPgPrbSJlZdZRUW5SdxsFF0oxuhhNibUkNgDcDQ3UEHVVVM2H7g1ul3gzOThX6mXf6Hm/YUCNmIGlQIb/siOQe5mxcYxxl/VAQIDAQAB

docker run --name jnlp-agent -it --rm --network net jenkins/jnlp-slave 
-disableHttpsCertValidation -credentials jenkins:"SuP3rP4ssw0rd" 
-instanceIdentity ${JENKINS_INSTANCE_IDENTITY} -direct jenkins:9443 
224a6accfb5b9728e3db3dfc43ae8d2d986b24c09b2d8701497ca13c474d3dde jnlp-agent 

Apr 11, 2020 11:45:28 AM hudson.remoting.jnlp.Main createEngine

INFO: Setting up agent: jnlp-agent

Apr 11, 2020 11:45:29 AM hudson.remoting.jnlp.Main$CuiListener <init>

INFO: Jenkins agent is running in headless mode.

Apr 11, 2020 11:45:29 AM hudson.remoting.jnlp.Main createEngine

WARNING: Certificate validation for HTTPs endpoints is disabled

Apr 11, 2020 11:45:29 AM hudson.remoting.Engine startEngine

INFO: Using Remoting version: 4.3

Apr 11, 2020 11:45:29 AM hudson.remoting.Engine startEngine

WARNING: No Working Directory. Using the legacy JAR Cache location: 
/home/jenkins/.jenkins/cache/jars

Apr 11, 2020 11:45:29 AM hudson.remoting.jnlp.Main$CuiListener status

INFO: Locating server among []

Apr 11, 2020 11:45:29 AM hudson.remoting.jnlp.Main$CuiListener error

SEVERE: Illegal base64 character d

java.lang.IllegalArgumentException: Illegal base64 character d

at java.util.Base64$Decoder.decode0(Base64.java:714)

at java.util.Base64$Decoder.decode(Base64.java:526)

at java.util.Base64$Decoder.decode(Base64.java:549)

at 
org.jenkinsci.remoting.engine.JnlpEndpointResolver.getIdentity(JnlpEndpointResolver.java:43)

at 
org.jenkinsci.remoting.engine.JnlpAgentEndpointConfigurator.resolve(JnlpAgentEndpointConfigurator.java:51)

at hudson.remoting.Engine.innerRun(Engine.java:693)

at hudson.remoting.Engine.run(Engine.java:518)

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-users/aadc51f3-426c-4cd3-b538-ffd228309bd3%40googlegroups.com.

Reply via email to