[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Jenkins integration



Hi,

Thank you for your update.

As you can clearly see from my previous email I'm running OpenShift 3.5:
# oc version
oc v1.5.1
kubernetes v1.5.2+43a9be4
features: Basic-Auth GSSAPI Kerberos SPNEGO

# origin version
origin v1.5.1
kubernetes v1.5.2+43a9be4
etcd 3.1.0


Regarding your question and suggestions around OAUTH I ran official openshift jenkins2 ephemeral template and that either doesn't work. 

some data:

[root master ~]# oc get pods
NAME              READY     STATUS    RESTARTS   AGE
jenkins-1-j267m   1/1       Running   0          5m
[root master ~]# oc describe pod jenkins-1-j267m
Name:                   jenkins-1-j267m
Namespace:              jenkins
Security Policy:        restricted
Node:                   node2.hr4.local/192.168.1.62
Start Time:             Wed, 09 Aug 2017 09:39:29 +0100
Labels:                 deployment=jenkins-1
                        deploymentconfig=jenkins
                        name=jenkins
Status:                 Running
IP:                     10.129.0.26
Controllers:            ReplicationController/jenkins-1
Containers:
  jenkins:
    Container ID:       docker://22573e42063109528896bdeb7de54f45c7251d71c3ae2321a1d6fea94404d01f
    Image:              openshift/jenkins-2-centos7 sha256:ad29fc43c3f9015a0fdbb3f3ba366ff511303f7f3a0bbb1bc4652ecf70eb3712
    Image ID:           docker-pullable://docker.io/openshift/jenkins-2-centos7 sha256:ad29fc43c3f9015a0fdbb3f3ba366ff511303f7f3a0bbb1bc4652ecf70eb3712
    Port:
    Limits:
      memory:   1Gi
    Requests:
      memory:           1Gi
    State:              Running
      Started:          Wed, 09 Aug 2017 09:41:59 +0100
    Ready:              True
    Restart Count:      0
    Liveness:           http-get http://:8080/login delay=420s timeout=3s period=10s #success=1 #failure=30
    Readiness:          http-get http://:8080/login delay=3s timeout=3s period=10s #success=1 #failure=3
    Volume Mounts:
      /var/lib/jenkins from jenkins-data (rw)
      /var/run/secrets/kubernetes.io/serviceaccount from jenkins-token-txv72 (ro)
    Environment Variables:
      OPENSHIFT_ENABLE_OAUTH:           true
      OPENSHIFT_ENABLE_REDIRECT_PROMPT: true
      OPENSHIFT_JENKINS_JVM_ARCH:       x86_64
      KUBERNETES_MASTER:                https://kubernetes.default:443
      KUBERNETES_TRUST_CERTIFICATES:    true
      JNLP_SERVICE_NAME:                jenkins-jnlp
Conditions:
  Type          Status
  Initialized   True 
  Ready         True 
  PodScheduled  True 
Volumes:
  jenkins-data:
    Type:       EmptyDir (a temporary directory that shares a pod's lifetime)
    Medium:
  jenkins-token-txv72:
    Type:       Secret (a volume populated by a Secret)
    SecretName: jenkins-token-txv72
QoS Class:      Burstable
Tolerations:    <none>
Events:
  FirstSeen     LastSeen        Count   From                            SubObjectPath                   Type            Reason          Message
  ---------     --------        -----   ----                            -------------                   --------        ------          -------
  5m            5m              1       {default-scheduler }                                            Normal          Scheduled       Successfully assigned jenkins-1-j267m to node2.hr4.local
  5m            5m              1       {kubelet node2.hr4.local}       spec.containers{jenkins}        Normal          Pulling         pulling image "openshift/jenkins-2-centos7 sha256:ad29fc43c3f9015a0fdbb3f3ba366ff511303f7f3a0bbb1bc4652ecf70eb3712"
  2m            2m              1       {kubelet node2.hr4.local}       spec.containers{jenkins}        Normal          Pulled          Successfully pulled image "openshift/jenkins-2-centos7 sha256:ad29fc43c3f9015a0fdbb3f3ba366ff511303f7f3a0bbb1bc4652ecf70eb3712"
  2m            2m              1       {kubelet node2.hr4.local}       spec.containers{jenkins}        Normal          Created         Created container with docker id 22573e420631; Security:[seccomp=unconfined]
  2m            2m              1       {kubelet node2.hr4.local}       spec.containers{jenkins}        Normal          Started         Started container with docker id 22573e420631
  2m            1m              5       {kubelet node2.hr4.local}       spec.containers{jenkins}        Warning         Unhealthy       Readiness probe failed: HTTP probe failed with statuscode: 503
  1m            23s             6       {kubelet node2.hr4.local}       spec.containers{jenkins}        Warning         Unhealthy       Readiness probe failed: Get http://10.129.0.26:8080/login: net/http: request canceled (Client.Timeout exceeded while awaiting headers)

[root node2 ~]# docker inspect 22573e420631
[
    {
        "Id": "22573e42063109528896bdeb7de54f45c7251d71c3ae2321a1d6fea94404d01f",
        "Created": "2017-08-09T08:41:58.321766924Z",
        "Path": "/usr/libexec/s2i/run",
        "Args": [],
        "State": {
            "Status": "running",
            "Running": true,
            "Paused": false,
            "Restarting": false,
            "OOMKilled": false,
            "Dead": false,
            "Pid": 99830,
            "ExitCode": 0,
            "Error": "",
            "StartedAt": "2017-08-09T08:41:59.594662533Z",
            "FinishedAt": "0001-01-01T00:00:00Z"
        },
        "Image": "sha256:8dda791f1c46d2ea35867fd1fa89e64519f0bda17b1d26b2ac6cf92bc8966268",
        "ResolvConfPath": "/var/lib/docker/containers/59d10a28ec1b911ef5b38f1e42d5b1178681e5c488678c7002a36e844519b40b/resolv.conf",
        "HostnamePath": "/var/lib/docker/containers/59d10a28ec1b911ef5b38f1e42d5b1178681e5c488678c7002a36e844519b40b/hostname",
        "HostsPath": "/var/lib/origin/openshift.local.volumes/pods/42102c09-7cde-11e7-9a6c-525400c269f8/etc-hosts",
        "LogPath": "",
        "Name": "/k8s_jenkins.ca203105_jenkins-1-j267m_jenkins_42102c09-7cde-11e7-9a6c-525400c269f8_b0e27732",
        "RestartCount": 0,
        "Driver": "devicemapper",
        "MountLabel": "system_u:object_r:svirt_sandbox_file_t:s0:c10,c0",
        "ProcessLabel": "system_u:system_r:svirt_lxc_net_t:s0:c10,c0",
        "AppArmorProfile": "",
        "ExecIDs": null,
        "HostConfig": {
            "Binds": [
                "/var/lib/origin/openshift.local.volumes/pods/42102c09-7cde-11e7-9a6c-525400c269f8/volumes/kubernetes.io~empty-dir/jenkins-data:/var/lib/jenkins:Z",
                "/var/lib/origin/openshift.local.volumes/pods/42102c09-7cde-11e7-9a6c-525400c269f8/volumes/kubernetes.io~secret/jenkins-token-txv72:/var/run/secrets/kubernetes.io/serviceaccount:ro,Z",
                "/var/lib/origin/openshift.local.volumes/pods/42102c09-7cde-11e7-9a6c-525400c269f8/etc-hosts:/etc/hosts:Z",
                "/var/lib/origin/openshift.local.volumes/pods/42102c09-7cde-11e7-9a6c-525400c269f8/containers/jenkins/b0e27732:/dev/termination-log:Z"
            ],
            "ContainerIDFile": "",
            "LogConfig": {
                "Type": "journald",
                "Config": {}
            },
            "NetworkMode": "container:59d10a28ec1b911ef5b38f1e42d5b1178681e5c488678c7002a36e844519b40b",
            "PortBindings": null,
            "RestartPolicy": {
                "Name": "",
                "MaximumRetryCount": 0
            },
            "AutoRemove": false,
            "VolumeDriver": "",
            "VolumesFrom": null,
            "CapAdd": null,
            "CapDrop": [
                "KILL",
                "MKNOD",
                "SETGID",
                "SETUID",
                "SYS_CHROOT"
            ],
            "Dns": null,
            "DnsOptions": null,
            "DnsSearch": null,
            "ExtraHosts": null,
            "GroupAdd": [
                "1000090000"
            ],
            "IpcMode": "container:59d10a28ec1b911ef5b38f1e42d5b1178681e5c488678c7002a36e844519b40b",
            "Cgroup": "",
            "Links": null,
            "OomScoreAdj": 730,
            "PidMode": "",
            "Privileged": false,
            "PublishAllPorts": false,
            "ReadonlyRootfs": false,
            "SecurityOpt": [
                "seccomp=unconfined",
                "label=level:s0:c10,c0"
            ],
            "UTSMode": "",
            "UsernsMode": "",
            "ShmSize": 67108864,
            "Runtime": "docker-runc",
            "ConsoleSize": [
                0,
                0
            ],
            "Isolation": "",
            "CpuShares": 2,
            "Memory": 1073741824,
            "CgroupParent": "",
            "BlkioWeight": 0,
            "BlkioWeightDevice": null,
            "BlkioDeviceReadBps": null,
            "BlkioDeviceWriteBps": null,
            "BlkioDeviceReadIOps": null,
            "BlkioDeviceWriteIOps": null,
            "CpuPeriod": 0,
            "CpuQuota": 0,
            "CpusetCpus": "",
            "CpusetMems": "",
            "Devices": [],
            "DiskQuota": 0,
            "KernelMemory": 0,
            "MemoryReservation": 0,
            "MemorySwap": -1,
            "MemorySwappiness": -1,
            "OomKillDisable": false,
            "PidsLimit": 0,
            "Ulimits": null,
            "CpuCount": 0,
            "CpuPercent": 0,
            "IOMaximumIOps": 0,
            "IOMaximumBandwidth": 0
        },
        "GraphDriver": {
            "Name": "devicemapper",
            "Data": {
                "DeviceId": "956",
                "DeviceName": "docker-253:0-2491527-6352b1d19f04272bc621e44bcf1b49f4a832886bdfb1d30359bae7b458fc0bb8",
                "DeviceSize": "10737418240"
            }
        },
        "Mounts": [
            {
                "Source": "/var/lib/origin/openshift.local.volumes/pods/42102c09-7cde-11e7-9a6c-525400c269f8/volumes/kubernetes.io~empty-dir/jenkins-data",
                "Destination": "/var/lib/jenkins",
                "Mode": "Z",
                "RW": true,
                "Propagation": "rprivate"
            },
            {
                "Source": "/var/lib/origin/openshift.local.volumes/pods/42102c09-7cde-11e7-9a6c-525400c269f8/volumes/kubernetes.io~secret/jenkins-token-txv72",
                "Destination": "/var/run/secrets/kubernetes.io/serviceaccount",
                "Mode": "ro,Z",
                "RW": false,
                "Propagation": "rprivate"
            },
            {
                "Source": "/var/lib/origin/openshift.local.volumes/pods/42102c09-7cde-11e7-9a6c-525400c269f8/etc-hosts",
                "Destination": "/etc/hosts",
                "Mode": "Z",
                "RW": true,
                "Propagation": "rprivate"
            },
            {
                "Source": "/var/lib/origin/openshift.local.volumes/pods/42102c09-7cde-11e7-9a6c-525400c269f8/containers/jenkins/b0e27732",
                "Destination": "/dev/termination-log",
                "Mode": "Z",
                "RW": true,
                "Propagation": "rprivate"
            }
        ],
        "Config": {
            "Hostname": "jenkins-1-j267m",
            "Domainname": "",
            "User": "1000090000",
            "AttachStdin": false,
            "AttachStdout": false,
            "AttachStderr": false,
            "ExposedPorts": {
                "50000/tcp": {},
                "8080/tcp": {}
            },
            "Tty": false,
            "OpenStdin": false,
            "StdinOnce": false,
            "Env": [
                "OPENSHIFT_ENABLE_OAUTH=true",
                "OPENSHIFT_ENABLE_REDIRECT_PROMPT=true",
                "OPENSHIFT_JENKINS_JVM_ARCH=x86_64",
                "KUBERNETES_MASTER=https://kubernetes.default:443",
                "KUBERNETES_TRUST_CERTIFICATES=true",
                "JNLP_SERVICE_NAME=jenkins-jnlp",
                "JENKINS_JNLP_PORT_50000_TCP_ADDR=172.30.98.196",
                "JENKINS_PORT=tcp://172.30.125.4:80",
                "KUBERNETES_PORT_53_UDP=udp://172.30.0.1:53",
                "KUBERNETES_PORT_53_TCP=tcp://172.30.0.1:53",
                "KUBERNETES_PORT_53_TCP_ADDR=172.30.0.1",
                "JENKINS_SERVICE_PORT_WEB=80",
                "JENKINS_JNLP_SERVICE_HOST=172.30.98.196",
                "KUBERNETES_SERVICE_PORT=443",
                "KUBERNETES_SERVICE_PORT_HTTPS=443",
                "KUBERNETES_SERVICE_PORT_DNS=53",
                "KUBERNETES_PORT_443_TCP_ADDR=172.30.0.1",
                "KUBERNETES_PORT_53_UDP_PROTO=udp",
                "KUBERNETES_PORT_53_UDP_PORT=53",
                "KUBERNETES_PORT_53_UDP_ADDR=172.30.0.1",
                "JENKINS_JNLP_SERVICE_PORT=50000",
                "JENKINS_JNLP_SERVICE_PORT_AGENT=50000",
                "JENKINS_JNLP_PORT_50000_TCP=tcp://172.30.98.196:50000",
                "JENKINS_PORT_80_TCP=tcp://172.30.125.4:80",
                "JENKINS_PORT_80_TCP_ADDR=172.30.125.4",
                "KUBERNETES_SERVICE_HOST=172.30.0.1",
                "KUBERNETES_PORT_443_TCP=tcp://172.30.0.1:443",
                "KUBERNETES_PORT_53_TCP_PROTO=tcp",
                "JENKINS_JNLP_PORT_50000_TCP_PROTO=tcp",
                "JENKINS_JNLP_PORT_50000_TCP_PORT=50000",
                "JENKINS_SERVICE_HOST=172.30.125.4",
                "JENKINS_PORT_80_TCP_PORT=80",
                "KUBERNETES_PORT_443_TCP_PORT=443",
                "JENKINS_JNLP_PORT=tcp://172.30.98.196:50000",
                "JENKINS_PORT_80_TCP_PROTO=tcp",
                "JENKINS_SERVICE_PORT=80",
                "KUBERNETES_PORT=tcp://172.30.0.1:443",
                "KUBERNETES_PORT_53_TCP_PORT=53",
                "KUBERNETES_SERVICE_PORT_DNS_TCP=53",
                "KUBERNETES_PORT_443_TCP_PROTO=tcp",
                "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
                "JENKINS_VERSION=2.46.3",
                "HOME=/var/lib/jenkins",
                "JENKINS_HOME=/var/lib/jenkins",
                "JENKINS_UC=https://updates.jenkins-ci.org",
                "LANG=en_US.UTF-8",
                "LC_ALL=en_US.UTF-8"
            ],
            "Cmd": [
                "/usr/libexec/s2i/run"
            ],
            "Image": "openshift/jenkins-2-centos7 sha256:ad29fc43c3f9015a0fdbb3f3ba366ff511303f7f3a0bbb1bc4652ecf70eb3712",
            "Volumes": {
                "/var/lib/jenkins": {}
            },
            "WorkingDir": "",
            "Entrypoint": null,
            "OnBuild": null,
            "Labels": {
                "build-date": "20170705",
                "io.kubernetes.container.hash": "ca203105",
                "io.kubernetes.container.name": "jenkins",
                "io.kubernetes.container.restartCount": "0",
                "io.kubernetes.container.terminationMessagePath": "/dev/termination-log",
                "io.kubernetes.pod.name": "jenkins-1-j267m",
                "io.kubernetes.pod.namespace": "jenkins",
                "io.kubernetes.pod.terminationGracePeriod": "30",
                "io.kubernetes.pod.uid": "42102c09-7cde-11e7-9a6c-525400c269f8",
                "io.openshift.builder-version": "fc9a5fc",
                "io.openshift.s2i.scripts-url": "image:///usr/libexec/s2i",
                "k8s.io.description": "Jenkins is a continuous integration server",
                "k8s.io.display-name": "Jenkins 2.46.3",
                "license": "GPLv2",
                "name": "CentOS Base Image",
                "openshift.io.expose-services": "8080:http",
                "openshift.io.tags": "jenkins,jenkins2,ci",
                "vendor": "CentOS"
            }
        },
        "NetworkSettings": {
            "Bridge": "",
            "SandboxID": "",
            "HairpinMode": false,
            "LinkLocalIPv6Address": "",
            "LinkLocalIPv6PrefixLen": 0,
            "Ports": null,
            "SandboxKey": "",
            "SecondaryIPAddresses": null,
            "SecondaryIPv6Addresses": null,
            "EndpointID": "",
            "Gateway": "",
            "GlobalIPv6Address": "",
            "GlobalIPv6PrefixLen": 0,
            "IPAddress": "",
            "IPPrefixLen": 0,
            "IPv6Gateway": "",
            "MacAddress": "",
            "Networks": null
        }
    }
]

So I think everything is as it should I believe... but OAUTH doesn't work I got jenkins login screen when I click on the jenkins URL.

On 8 August 2017 at 18:51, Gabe Montero <gmontero redhat com> wrote:


On Tue, Aug 8, 2017 at 11:43 AM, Thorvald Hallvardsson <thorvald hallvardsson gmail com> wrote:
Hi,

I found the problem with Siamak git repo. Plugins.txt refers to blueocean 1.0.0 which doesn't exist anymore. I forked his repo and changed that to 1.0.1 and it builds fine now however I have an OAUTH issues still even on the blueocean image. 


This is a bit of interesting log I found:
Aug  8 16:38:26 master journal: Aug 08, 2017 3:38:26 PM org.openshift.jenkins.plugins.openshiftlogin.OpenShiftSetOAuth setOauth
Aug  8 16:38:26 master journal: INFO: OpenShift OAuth: enable oauth set to true force false lastCheck Tue Aug 08 15:38:16 UTC 2017
Aug  8 16:38:26 master journal: Aug 08, 2017 3:38:26 PM org.openshift.jenkins.plugins.openshiftlogin.OpenShiftSetOAuth setOauth
Aug  8 16:38:26 master journal: INFO: OpenShift OAuth: configured security realm on startup: hudson.security.HudsonPrivateSecurityRealm 41464f last check Tue Aug 08 15:38:16 UTC 2017
Aug  8 16:38:26 master journal: Aug 08, 2017 3:38:26 PM org.openshift.jenkins.plugins.openshiftlogin.OpenShiftOAuth2SecurityRealm populateDefaults
Aug  8 16:38:26 master journal: INFO: populateDefaults
Aug  8 16:38:26 master journal: java.net.UnknownHostException: openshift.default.svc
Aug  8 16:38:26 master journal: #011at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:184)
Aug  8 16:38:26 master journal: #011at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
Aug  8 16:38:26 master journal: #011at java.net.Socket.connect(Socket.java:589)
Aug  8 16:38:26 master journal: #011at sun.security.ssl.SSLSocketImpl.connect(SSLSocketImpl.java:673)
Aug  8 16:38:26 master journal: #011at sun.net.NetworkClient.doConnect(NetworkClient.java:175)
Aug  8 16:38:26 master journal: #011at sun.net.www.http.HttpClient.openServer(HttpClient.java:463)
Aug  8 16:38:26 master journal: #011at sun.net.www.http.HttpClient.openServer(HttpClient.java:558)
Aug  8 16:38:26 master journal: #011at sun.net.www.protocol.https.HttpsClient.<init>(HttpsClient.java:264)
Aug  8 16:38:26 master journal: #011at sun.net.www.protocol.https.HttpsClient.New(HttpsClient.java:367)
Aug  8 16:38:26 master journal: #011at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.getNewHttpClient(AbstractDelegateHttpsURLConnection.java:191)
Aug  8 16:38:26 master journal: #011at sun.net.www.protocol.http.HttpURLConnection.plainConnect0(HttpURLConnection.java:1138)
Aug  8 16:38:26 master journal: #011at sun.net.www.protocol.http.HttpURLConnection.plainConnect(HttpURLConnection.java:1032)
Aug  8 16:38:26 master journal: #011at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:177)
Aug  8 16:38:26 master journal: #011at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:153)
Aug  8 16:38:26 master journal: #011at com.google.api.client.http.javanet.NetHttpRequest.execute(NetHttpRequest.java:93)
Aug  8 16:38:26 master journal: #011at com.google.api.client.http.HttpRequest.execute(HttpRequest.java:972)
Aug  8 16:38:26 master journal: #011at org.openshift.jenkins.plugins.openshiftlogin.OpenShiftOAuth2SecurityRealm.getOpenShiftUserInfo(OpenShiftOAuth2SecurityRealm.java:489)
Aug  8 16:38:26 master journal: #011at org.openshift.jenkins.plugins.openshiftlogin.OpenShiftOAuth2SecurityRealm.populateDefaults(OpenShiftOAuth2SecurityRealm.java:337)
Aug  8 16:38:26 master journal: #011at org.openshift.jenkins.plugins.openshiftlogin.OpenShiftOAuth2SecurityRealm.<init>(OpenShiftOAuth2SecurityRealm.java:273)
Aug  8 16:38:26 master journal: #011at org.openshift.jenkins.plugins.openshiftlogin.OpenShiftSetOAuth.setOauth(OpenShiftSetOAuth.java:69)
Aug  8 16:38:26 master journal: #011at org.openshift.jenkins.plugins.openshiftlogin.OpenShiftPermissionFilter.doFilter(OpenShiftPermissionFilter.java:106)
Aug  8 16:38:26 master journal: #011at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:132)
Aug  8 16:38:26 master journal: #011at org.jenkinsci.plugins.ssegateway.Endpoint$SSEListenChannelFilter.doFilter(Endpoint.java:225)
Aug  8 16:38:26 master journal: #011at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:132)
Aug  8 16:38:26 master journal: #011at com.cloudbees.jenkins.support.slowrequest.SlowRequestFilter.doFilter(SlowRequestFilter.java:38)
Aug  8 16:38:26 master journal: #011at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:132)
Aug  8 16:38:26 master journal: #011at io.jenkins.blueocean.ResourceCacheControl.doFilter(ResourceCacheControl.java:134)
Aug  8 16:38:26 master journal: #011at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:132)
Aug  8 16:38:26 master journal: #011at jenkins.metrics.impl.MetricsFilter.doFilter(MetricsFilter.java:125)
Aug  8 16:38:26 master journal: #011at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:132)
Aug  8 16:38:26 master journal: #011at hudson.util.PluginServletFilter.doFilter(PluginServletFilter.java:126)
Aug  8 16:38:26 master journal: #011at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
Aug  8 16:38:26 master journal: #011at hudson.security.csrf.CrumbFilter.doFilter(CrumbFilter.java:49)
Aug  8 16:38:26 master journal: #011at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
Aug  8 16:38:26 master journal: #011at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:84)
Aug  8 16:38:26 master journal: #011at hudson.security.UnwrapSecurityExceptionFilter.doFilter(UnwrapSecurityExceptionFilter.java:51)
Aug  8 16:38:26 master journal: #011at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
Aug  8 16:38:26 master journal: #011at jenkins.security.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:117)
Aug  8 16:38:26 master journal: #011at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
Aug  8 16:38:26 master journal: #011at org.acegisecurity.providers.anonymous.AnonymousProcessingFilter.doFilter(AnonymousProcessingFilter.java:125)
Aug  8 16:38:26 master journal: #011at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
Aug  8 16:38:26 master journal: #011at org.acegisecurity.ui.rememberme.RememberMeProcessingFilter.doFilter(RememberMeProcessingFilter.java:135)
Aug  8 16:38:26 master journal: #011at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
Aug  8 16:38:26 master journal: #011at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:271)
Aug  8 16:38:26 master journal: Aug 08, 2017 3:38:26 PM org.openshift.jenkins.plugins.openshiftlogin.OpenShiftOAuth2SecurityRealm populateDefaults
Aug  8 16:38:26 master journal: INFO: OpenShift OAuth returning false with namespace ci SA dir null default /run/secrets/kubernetes.io/serviceaccount SA name null default null client ID
 null default null secret null default [LONG STRING HERE] redirect null default null server null default https:
//openshift.default.svc
Aug  8 16:38:26 master journal: Aug 08, 2017 3:38:26 PM org.openshift.jenkins.plugins.openshiftlogin.OpenShiftOAuth2SecurityRealm populateDefaults
Aug  8 16:38:26 master journal: INFO: populateDefaults
Aug  8 16:38:26 master journal: java.net.UnknownHostException: openshift.default.svc
Aug  8 16:38:26 master journal: #011at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:184)
Aug  8 16:38:26 master journal: #011at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
Aug  8 16:38:26 master journal: #011at java.net.Socket.connect(Socket.java:589)
Aug  8 16:38:26 master journal: #011at sun.security.ssl.SSLSocketImpl.connect(SSLSocketImpl.java:673)
Aug  8 16:38:26 master journal: #011at sun.net.NetworkClient.doConnect(NetworkClient.java:175)
Aug  8 16:38:26 master journal: #011at sun.net.www.http.HttpClient.openServer(HttpClient.java:463)
Aug  8 16:38:26 master journal: #011at sun.net.www.http.HttpClient.openServer(HttpClient.java:558)
Aug  8 16:38:26 master journal: #011at sun.net.www.protocol.https.HttpsClient.<init>(HttpsClient.java:264)
Aug  8 16:38:26 master journal: #011at sun.net.www.protocol.https.HttpsClient.New(HttpsClient.java:367)
Aug  8 16:38:26 master journal: #011at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.getNewHttpClient(AbstractDelegateHttpsURLConnection.java:191)
Aug  8 16:38:26 master journal: #011at sun.net.www.protocol.http.HttpURLConnection.plainConnect0(HttpURLConnection.java:1138)
Aug  8 16:38:26 master journal: #011at sun.net.www.protocol.http.HttpURLConnection.plainConnect(HttpURLConnection.java:1032)
Aug  8 16:38:26 master journal: #011at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:177)
Aug  8 16:38:26 master journal: #011at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:153)
Aug  8 16:38:26 master journal: #011at com.google.api.client.http.javanet.NetHttpRequest.execute(NetHttpRequest.java:93)
Aug  8 16:38:26 master journal: #011at com.google.api.client.http.HttpRequest.execute(HttpRequest.java:972)
Aug  8 16:38:26 master journal: #011at org.openshift.jenkins.plugins.openshiftlogin.OpenShiftOAuth2SecurityRealm.getOpenShiftUserInfo(OpenShiftOAuth2SecurityRealm.java:489)
Aug  8 16:38:26 master journal: #011at org.openshift.jenkins.plugins.openshiftlogin.OpenShiftOAuth2SecurityRealm.populateDefaults(OpenShiftOAuth2SecurityRealm.java:337)
Aug  8 16:38:26 master journal: #011at org.openshift.jenkins.plugins.openshiftlogin.OpenShiftSetOAuth.setOauth(OpenShiftSetOAuth.java:73)
Aug  8 16:38:26 master journal: #011at org.openshift.jenkins.plugins.openshiftlogin.OpenShiftPermissionFilter.doFilter(OpenShiftPermissionFilter.java:106)
Aug  8 16:38:26 master journal: #011at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:132)
Aug  8 16:38:26 master journal: #011at org.jenkinsci.plugins.ssegateway.Endpoint$SSEListenChannelFilter.doFilter(Endpoint.java:225)
Aug  8 16:38:26 master journal: #011at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:132)
Aug  8 16:38:26 master journal: #011at com.cloudbees.jenkins.support.slowrequest.SlowRequestFilter.doFilter(SlowRequestFilter.java:38)
Aug  8 16:38:26 master journal: #011at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:132)
Aug  8 16:38:26 master journal: #011at io.jenkins.blueocean.ResourceCacheControl.doFilter(ResourceCacheControl.java:134)
Aug  8 16:38:26 master journal: #011at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:132)
Aug  8 16:38:26 master journal: #011at jenkins.metrics.impl.MetricsFilter.doFilter(MetricsFilter.java:125)
Aug  8 16:38:26 master journal: #011at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:132)
Aug  8 16:38:26 master journal: #011at hudson.util.PluginServletFilter.doFilter(PluginServletFilter.java:126)
Aug  8 16:38:26 master journal: #011at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
Aug  8 16:38:26 master journal: #011at hudson.security.csrf.CrumbFilter.doFilter(CrumbFilter.java:49)
Aug  8 16:38:26 master journal: #011at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
Aug  8 16:38:26 master journal: #011at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:84)
Aug  8 16:38:26 master journal: #011at hudson.security.UnwrapSecurityExceptionFilter.doFilter(UnwrapSecurityExceptionFilter.java:51)
Aug  8 16:38:26 master journal: #011at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
Aug  8 16:38:26 master journal: #011at jenkins.security.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:117)
Aug  8 16:38:26 master journal: #011at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
Aug  8 16:38:26 master journal: #011at org.acegisecurity.providers.anonymous.AnonymousProcessingFilter.doFilter(AnonymousProcessingFilter.java:125)
Aug  8 16:38:26 master journal: #011at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
Aug  8 16:38:26 master journal: #011at org.acegisecurity.ui.rememberme.RememberMeProcessingFilter.doFilter(RememberMeProcessingFilter.java:135)
Aug  8 16:38:26 master journal: #011at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
Aug  8 16:38:26 master journal: #011at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:271)
Aug  8 16:38:26 master journal: #011at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
Aug  8 16:38:26 master journal: #011at jenkins.security.BasicHeaderProcessor.doFilter(BasicHeaderProcessor.java:93)
Aug  8 16:38:26 master journal: #011at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
Aug  8 16:38:26 master journal: #011at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249)
Aug  8 16:38:26 master journal: #011at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:67)
Aug  8 16:38:26 master journal: #011at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
Aug  8 16:38:26 master journal: #011at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:76)
Aug  8 16:38:26 master journal: #011at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:171)
Aug  8 16:38:26 master journal: #011at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
Aug  8 16:38:26 master journal: #011at org.kohsuke.stapler.compression.CompressionFilter.doFilter(CompressionFilter.java:49)
Aug  8 16:38:26 master journal: #011at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
Aug  8 16:38:26 master journal: #011at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:82)
Aug  8 16:38:26 master journal: #011at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
Aug  8 16:38:26 master journal: #011at org.kohsuke.stapler.DiagnosticThreadNameFilter.doFilter(DiagnosticThreadNameFilter.java:30)
Aug  8 16:38:26 master journal: #011at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
Aug  8 16:38:26 master journal: #011at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:585)
Aug  8 16:38:26 master journal: #011at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143)
Aug  8 16:38:26 master journal: #011at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:553)
Aug  8 16:38:26 master journal: #011at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:223)
Aug  8 16:38:26 master journal: #011at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1127)
Aug  8 16:38:26 master journal: #011at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:515)
Aug  8 16:38:26 master journal: #011at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185)
Aug  8 16:38:26 master journal: #011at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1061)
Aug  8 16:38:26 master journal: #011at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
Aug  8 16:38:26 master journal: #011at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:97)
Aug  8 16:38:26 master journal: #011at org.eclipse.jetty.server.Server.handle(Server.java:499)
Aug  8 16:38:26 master journal: #011at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:311)
Aug  8 16:38:26 master journal: #011at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:257)
Aug  8 16:38:26 master journal: #011at org.eclipse.jetty.io.AbstractConnection$2.run(AbstractConnection.java:544)
Aug  8 16:38:26 master journal: #011at winstone.BoundedExecutorService$1.run(BoundedExecutorService.java:77)
Aug  8 16:38:26 master journal: #011at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
Aug  8 16:38:26 master journal: #011at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
Aug  8 16:38:26 master journal: #011at java.lang.Thread.run(Thread.java:748)
Aug  8 16:38:26 master journal: 
Aug  8 16:38:26 master journal: Aug 08, 2017 3:38:26 PM org.openshift.jenkins.plugins.openshiftlogin.OpenShiftOAuth2SecurityRealm populateDefaults
Aug  8 16:38:26 master journal: INFO: OpenShift OAuth returning false with namespace ci SA dir null default /run/secrets/kubernetes.io/serviceaccount SA name null default null client ID null default null secret null default [LONG STRING HERE] redirect null default null server null default https://openshift.default.svc
Aug  8 16:38:26 master journal: Aug 08, 2017 3:38:26 PM org.openshift.jenkins.plugins.openshiftlogin.OpenShiftSetOAuth setOauth
Aug  8 16:38:26 master journal: INFO: OpenShift OAuth: running in OpenShift pod with required OAuth features: false


# oc version
oc v1.5.1
kubernetes v1.5.2+43a9be4
features: Basic-Auth GSSAPI Kerberos SPNEGO


I think I will just come back to version 3.2 and 3.3 as I didn't have any issues with any of these versions... since version 3.4 I just constantly run into more and more issues :/.

To run with the openshift jenkins oauth integration (i.e. our "login" plugin) with the openshift oauth server running in an openshift master, if you run with a pre-3.4 master, you have to manually
configure the plugin in the jenkins image to talk with the oauth server, and you had to manually add the jenkins service to the oauth whitelist on the master.

From what I'm gathering here you did not previously do that.

With a master at 3.4 or beyond, aside from not having the configure the login plugin out of the box if jenkins is running in an openshift pod, the templates we shipped for jenkins
in 3.4 and beyond leverage a new annotation provided by to the oauth server that allows the bypassing of the manual whitelist update.

Based on the pod logs you posted, either a) your jenkins image is not running in an openshift pod, b) it was a pod instantiated with a pre-3.4 template, or c) you are running
against a pre-3.4 openshift master.  Because of that, we cannot autoconfigure the oauth integration and fall back to the default jenkins authentication.


Thank you for your help.


On 8 August 2017 at 16:35, Ben Parees <bparees redhat com> wrote:


On Tue, Aug 8, 2017 at 10:52 AM, Thorvald Hallvardsson <thorvald hallvardsson gmail com> wrote:
Hi,

I'm trying to run jenkins on OpenShift to integrate it nicely with pipelines and OAUTH. I have done that in the past and it was all working but I'm trying to reproduce what I used to do before and it simply doesn't work. I don't know why but from one version to another OpenShift is becominbg more and more pain. 

I was following official blog article https://blog.openshift.com/openshift-pipelines-jenkins-blue-ocean/ which used to work however jenkins changed something now and that build simply doesn't work anymore:
Cloning "https://github.com/siamaksade/jenkins-blueocean.git" ...
WARNING: timed out waiting for git server, will wait 1m4s
Commit: 70cff8557908b592d291e6ea0b3a018069b61324 (updated README)
Author: Siamak Sadeghianfar <ssadeghi redhat com>
Date: Thu Apr 6 18:48:41 2017 +0700
---> Copying repository files ...
---> Installing Jenkins 0 plugins using /opt/openshift/plugins.txt ...
Creating initial locks...
Locking blueocean:1.0.0
Analyzing war...
Downloading plugins...
Downloading plugin: blueocean from https://updates.jenkins-ci.org/download/plugins/blueocean/1.0.0/blueocean.hpi
Downloading plugin: blueocean-plugin from https://updates.jenkins-ci.org/download/plugins/blueocean-plugin/1.0.0/blueocean-plugin.hpi
Failed to download plugin: blueocean or blueocean-plugin
Failed to install plugins.
error: build error: non-zero (13) exit code from openshift/jenkins-2-centos7 sha256:ad29fc43c3f9015a0fdbb3f3ba366ff511303f7f3a0bbb1bc4652ecf70eb3712

Simply because second link drops 404... blueocean-plugin.hpi doesn't exist anymore. 

Sounds like some stuff has bit-rotted in that blog, CCing Siamak in case he has time to update it.

But note that we do already install blue ocean in our jenkins centos image and we'll be adding it to our rhel image most likely in 3.7.

 


I decided OK... I don't need blueocean so I will just go for standard Jenkins from OpenShift templates. That did install successfuly but when I click on the link it asks for username and password (on Jenkins screen) so simply OAUTH doesn't work at all. 

The pod has 
# oc exec jenkins-1-28l8x env |grep -i auth
OPENSHIFT_ENABLE_OAUTH=true

it is running but ... yeah how do I integrate it with my pipelines? Any ideas?

Gabe and Mo (on CC) have added some debug for oauth flow failures, what version of openshift are you running and can you provide openshift master logs and jenkins pod logs?


 

Thanks!

_______________________________________________
users mailing list
users lists openshift redhat com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users




--
Ben Parees | OpenShift





[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]