Bug #2358

jenkins errors when adding/configuring new nodes

Added by roh over 1 year ago. Updated 11 months ago.

Target version:
Start date:
Due date:
% Done:


Spec Reference:


when following the manual for osmo-gsm-tester ( to set up the production tester i encountered the following error(s):

first my browser warns about uncrypted page in all fields, but also about an uncrypted connection (even when jenkins is accessed via https) on pressing 'add'.

on ignoring that a grey modal dialog with 'error' written top-left and some 'close window'-X in the corner comes up. the dialog can be dragged around, the rest of the browser is greyed out.

expected behaviour: no crypto warnings, and no grey box, but an added/configured node


log in
manage jenkins
manage nodes
configure on the right on 'osmo-gsm-tester-prod'
add (on the right next to credentials) -> jenkins
switch kind to 'ssh with private key'
username 'jenkins'
private key: from a file on jenkins master "/usr/local/jenkins/keys/osmo-gsm-tester-prod"
passphrase: see internal wiki - not important to reproduce the error
ID: "osmo-gsm-tester-prod"
desc: "jenkins for SSH to osmo-gsm-tester-prod"

klick add
either the empty error comes up. alternatively the dialog exits but the user 'jenkins for ssh to osmo-gsm-tester-prod' doesnt show up in the list. (as if the add dialog never was used)

screenshot.png View screenshot.png 52.5 KB screenshot laforge, 07/11/2017 04:34 PM
jenkins-dialog-http.pcapng jenkins-dialog-http.pcapng 1.77 KB chromium and http: clicking the final 'Add' button that closes the dialog. neels, 07/17/2017 11:46 AM
Screen Shot 2017-07-17 at 16.42.24.png View Screen Shot 2017-07-17 at 16.42.24.png 208 KB zecke, 07/17/2017 02:42 PM


#1 Updated by laforge over 1 year ago

  • Assignee set to zecke

#2 Updated by laforge over 1 year ago


#3 Updated by neels over 1 year ago

On firefox, I see an error behavior like in the screenshot. Using chromium, the dialog shows no error but simply closes, but without any effect: the settings are not applied.
A wireshark trace shows only SSL connections being made.

It is also easily possible to connect to our jenkins using plain http. In unencrypted connection, I see a POST request with 0 content length. I have attached a short pcap of the communication that happens when clicking the final "Add" button in the dialog, using chromium and HTTP. (When connecting via HTTPS, this is SSL encrypted, and no indication why firefox would complain about an unencrypted transmission)

This dialog worked identically a couple of weeks ago (May 14, 2017). Very puzzling.

#4 Updated by neels over 1 year ago

because I have entered the SSH key passphrase in plain text in on jenkins with HTTP to produce the pcap, I have disabled the authorized_keys on the osmo-gsm-tester-prod.
I have also changed my password. (Though technically an eavesdropper could have logged in as me in the meantime and used the admin credentials to find out everything visible to my user...)

#5 Updated by neels over 1 year ago

No errors appear in the jenkins server log ( jail /var/log/jenkins.log) when clicking the add button.

#6 Updated by neels over 1 year ago

I have manually edited /usr/local/jenkins/credentials.xml and copied the entry for the osmo-gsm-tester-rnd, which uses the same private key as the RnD setup for now (because the passphrase in the credentials.xml is not in plain text, I need to use the same one).

The build slave on the production unit is up and running now; but the dialog UI problem is not solved.

#7 Updated by zecke over 1 year ago


hmm.. with latest firefox.. I will force http->https for all connections now.

#8 Updated by zecke over 1 year ago

  • Status changed from New to Feedback

I have enabled the http -> https redirect. If you open it goes to followed by i made a gerrit test build to see if the two systems still talk to each other.. they did.

#9 Updated by zecke over 1 year ago

test comment..

#10 Updated by laforge 11 months ago

  • Assignee changed from zecke to lynxis

#11 Updated by lynxis 11 months ago

I can reproduce the error with firefox with the osmocom jenkins setup.

<form method="POST" action="http://jenkins/jenkins/descriptor/com.cloudbees.plugins.credentials.CredentialsSelectHelper/resolver/com.cloudbees.plugins.credentials.CredentialsSelectHelper$SystemContextResolver/provider/com.cloudbees.plugins.credentials.SystemCredentialsProvider$ProviderImpl/context/jenkins/addCredentials" id="credentials-dialog-form"><div><input name="json" value="init" type="hidden"></div></form>

Looks to me, the jenkins doesn't know his own url.

#12 Updated by lynxis 11 months ago

I've rechecked two other jenkins installation which I maintain and both does not have this bug.

#13 Updated by lynxis 11 months ago

  • Status changed from Feedback to In Progress

#14 Updated by lynxis 11 months ago

You can find the broken http link if you do:

"Manage Nodes" -> "choose a node" -> "Configure" -> "Credentials" -> "Add" -> "jenkins" [Ajax screen pops up].

Right click on the "Add" Button and do Inspect. If you look a couple lines upwards, there is a "<POST>" which
contain the broken http://jenkins/jenkins/... link

I've verified with chromium 64.0.3282.140-2 and firefox 58.0.2-1

#15 Updated by zecke 11 months ago

  • Status changed from In Progress to Closed

Lovely.. reverse proxying works differently everywhere..

  • This URL used the "host" from nginx->jenkins connection
  • It apparently requires X-Forwarded-Proto as well
      proxy_set_header        Host $host:$server_port;
      proxy_set_header        X-Real-IP $remote_addr;
      proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header        X-Forwarded-Proto $scheme;

Also available in: Atom PDF

Add picture from clipboard (Maximum size: 48.8 MB)