jenkins errors when adding/configuring new nodes
when following the manual for osmo-gsm-tester (http://ftp.osmocom.org/docs/latest/osmo-gsm-tester-manual.pdf) to set up the production tester i encountered the following error(s):
first my browser warns about uncrypted page in all fields, but also about an uncrypted connection (even when jenkins is accessed via https) on pressing 'add'.
on ignoring that a grey modal dialog with 'error' written top-left and some 'close window'-X in the corner comes up. the dialog can be dragged around, the rest of the browser is greyed out.
expected behaviour: no crypto warnings, and no grey box, but an added/configured node
configure on the right on 'osmo-gsm-tester-prod'
add (on the right next to credentials) -> jenkins
switch kind to 'ssh with private key'
private key: from a file on jenkins master "/usr/local/jenkins/keys/osmo-gsm-tester-prod"
passphrase: see internal wiki - not important to reproduce the error
desc: "jenkins for SSH to osmo-gsm-tester-prod"
either the empty error comes up. alternatively the dialog exits but the user 'jenkins for ssh to osmo-gsm-tester-prod' doesnt show up in the list. (as if the add dialog never was used)
#3 Updated by neels over 1 year ago
- File jenkins-dialog-http.pcapng jenkins-dialog-http.pcapng added
- Priority changed from Normal to High
On firefox, I see an error behavior like in the screenshot. Using chromium, the dialog shows no error but simply closes, but without any effect: the settings are not applied.
A wireshark trace shows only SSL connections being made.
It is also easily possible to connect to our jenkins using plain http. In unencrypted connection, I see a POST request with 0 content length. I have attached a short pcap of the communication that happens when clicking the final "Add" button in the dialog, using chromium and HTTP. (When connecting via HTTPS, this is SSL encrypted, and no indication why firefox would complain about an unencrypted transmission)
This dialog worked identically a couple of weeks ago (May 14, 2017). Very puzzling.
#4 Updated by neels over 1 year ago
because I have entered the SSH key passphrase in plain text in on jenkins with HTTP to produce the pcap, I have disabled the authorized_keys on the osmo-gsm-tester-prod.
I have also changed my password. (Though technically an eavesdropper could have logged in as me in the meantime and used the admin credentials to find out everything visible to my user...)
#6 Updated by neels over 1 year ago
I have manually edited /usr/local/jenkins/credentials.xml and copied the entry for the osmo-gsm-tester-rnd, which uses the same private key as the RnD setup for now (because the passphrase in the credentials.xml is not in plain text, I need to use the same one).
The build slave on the production unit is up and running now; but the dialog UI problem is not solved.
#8 Updated by zecke over 1 year ago
- Status changed from New to Feedback
I can reproduce the error with firefox with the osmocom jenkins setup.
<form method="POST" action="http://jenkins/jenkins/descriptor/com.cloudbees.plugins.credentials.CredentialsSelectHelper/resolver/com.cloudbees.plugins.credentials.CredentialsSelectHelper$SystemContextResolver/provider/com.cloudbees.plugins.credentials.SystemCredentialsProvider$ProviderImpl/context/jenkins/addCredentials" id="credentials-dialog-form"><div><input name="json" value="init" type="hidden"></div></form>
Looks to me, the jenkins doesn't know his own url.
You can find the broken http link if you do:
"Manage Nodes" -> "choose a node" -> "Configure" -> "Credentials" -> "Add" -> "jenkins" [Ajax screen pops up].
Right click on the "Add" Button and do Inspect. If you look a couple lines upwards, there is a "<POST>" which
contain the broken http://jenkins/jenkins/... link
I've verified with chromium 64.0.3282.140-2 and firefox 58.0.2-1
- Status changed from In Progress to Closed
Lovely.. reverse proxying works differently everywhere..
- This URL used the "host" from nginx->jenkins connection
- It apparently requires X-Forwarded-Proto as well
proxy_set_header Host $host:$server_port; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme;