[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Jenkins integration



Ok thanks. We'll add a check to master and release-3.6 branches that halt the install if they detect that 1.5 is being installed since the new code won't work with that version. New thread for the metrics problem?

On Fri, Aug 11, 2017 at 4:49 AM, Thorvald Hallvardsson <thorvald hallvardsson gmail com> wrote:
Hi guys,

Thank you for your help. I tried all the solutions neither had worked. I had to uninstall OpenShift entirely and start from scratch from branch release-1.5 and it is now working good. Metrics containers keep crashing though but it's another story as on the previous installation it also didn't work. Pain in the neck that hawkular metrics are.

Thank you once again.

Regards,
TH



On 10 August 2017 at 09:41, Thorvald Hallvardsson <thorvald hallvardsson gmail com> wrote:
Hi,

Thank you for your help. I will try to run update from release-1.6 branch and we will see how it goes.

I'm wondering why this has happened because that was fresh installation directly from the master branch so why things would get mixed up ?

Thank you.
Regards.
TH

On 9 August 2017 at 19:13, Scott Dodson <sdodson redhat com> wrote:
The problem is that the playbooks configured the environment as if it were a 3.6 environment but installed 1.5 which doesn't respect the configuration values set to start the dns service on the node, this is because the master branch only supports 3.7 and 3.6. You can either upgrade to 3.6, try to replace the 3.6 dnsmasq bits with 1.5 versions, or scrap the environment and re-install using the release-1.5 branch of the installer.

Upgrading to 3.6 may be the easiest but currently requires enabling the test repo but I think this would do the trick for you
`yum --disableexcludes=all --enablerepo=centos-openshift-origin-testing upgrade origin\* && systemctl restart origin-master origin-node`

If you'd prefer staying at 1.5 and cleaning up the 3.6 dnsmasq bits it's a bit more involved but I think this would work.

Remove the following four lines from /etc/systemd/system/origin-node.service :

ExecStartPre=/usr/bin/cp /etc/origin/node/node-dnsmasq.conf /etc/dnsmasq.d/
ExecStartPre=/usr/bin/dbus-send --system --dest=uk.org.thekelleys.dnsmasq /uk/org/thekelleys/dnsmasq uk.org.thekelleys.SetDomainServers array:string:/in-addr.arpa/127.0.0.1,/cluster.local/127.0.0.1
ExecStopPost=/usr/bin/rm /etc/dnsmasq.d/node-dnsmasq.conf
ExecStopPost=/usr/bin/dbus-send --system --dest=uk.org.thekelleys.dnsmasq /uk/org/thekelleys/dnsmasq uk.org.thekelleys.SetDomainServers array:string:

Reload and restart the node:

systemctl daemon-reload
systemctl restart origin-node

Cleanup various dnsmasq bits:
rm /etc/dnsmasq.d/node-dnsmasq.conf /etc/dnsmasq.d/origin-dns.conf /etc/dnsmasq.d/origin-upstream-dns.conf
systemctl restart NetworkManager

that should be enough, if not try rebooting the host.


--
Scott



On Wed, Aug 9, 2017 at 1:37 PM, Ben Parees <bparees redhat com> wrote:


On Wed, Aug 9, 2017 at 11:29 AM, Thorvald Hallvardsson <thorvald hallvardsson gmail com> wrote:
Hi Ben,

This message is quite confilicting and confusing as what is says in my case is 'IF' you have any dnsmasq service turn it off as master will configure it's own and it is automatically configured as it says. Besides that ... Ansible playbook won't run if you set dnsmasq to false as it's the part of the requirement...

I think you're wrong here :/. 

There's a great deal of "it depends" here and there are cases where you need to stop the system dnsmasq.  Can you try it?  systemctl stop dnsmasq and then restart your openshift processes.

As background how did you install your cluster and what level is it?

 

Regards.

On 9 August 2017 at 16:23, Ben Parees <bparees redhat com> wrote:
you need to shutdown the system dnsmasq, openshift runs its own dns service.  (you'll need to restart openshift after shutting down dnsmasq since openshift will have failed to bind to port 53 at this point, as you can see it bound to port 8053 instead in your case).


"As of OpenShift Origin 1.2, dnsmasq is automatically configured on all masters and nodes. The pods use the nodes as their DNS, and the nodes forward the requests. By default, dnsmasq is configured on the nodes to listen on port 53, therefore the nodes cannot run any other type of DNS application."

https://docs.openshift.org/latest/install_config/install/prerequisites.html#prereq-dns




On Wed, Aug 9, 2017 at 11:06 AM, Thorvald Hallvardsson <thorvald hallvardsson gmail com> wrote:
Thank you Gabe for your help. DNS is defo the issue here, but I don't really understand why....

[root node2 ~]# docker exec -ti 22573e420631 /bin/bash
bash-4.2$                                                                                                                                                                               
bash-4.2$ 
bash-4.2$ cat /etc/resolv.conf 
search jenkins.svc.cluster.local svc.cluster.local cluster.local hr4.local cluster.local
nameserver 192.168.1.62
nameserver 192.168.1.62
options ndots:5

bash-4.2$ cat /etc/hosts       
# Kubernetes-managed hosts file.
127.0.0.1       localhost
::1     localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
fe00::0 ip6-mcastprefix
fe00::1 ip6-allnodes
fe00::2 ip6-allrouters
10.129.0.26     jenkins-1-j267m

bash-4.2$ ping openshift.default.svc
ping: openshift.default.svc: Name or service not known

[root node2 ~]# systemctl status dnsmasq.service 
● dnsmasq.service - DNS caching server.
   Loaded: loaded (/usr/lib/systemd/system/dnsmasq.service; enabled; vendor preset: disabled)
   Active: active (running) since Tue 2017-08-08 11:45:11 BST; 1 day 4h ago
 Main PID: 1227 (dnsmasq)
   Memory: 532.0K
   CGroup: /system.slice/dnsmasq.service
           └─1227 /usr/sbin/dnsmasq -k

Warning: Journal has been rotated since unit was started. Log output is incomplete or unavailable.

[root node2 ~]# cat /etc/resolv.conf 
# Generated by NetworkManager
search hr4.local cluster.local
nameserver 192.168.1.62

[root node2 ~]# ping openshift.default.svc
ping: openshift.default.svc: Name or service not known


[root node2 ~]# cat /etc/dnsmasq.d/node-dnsmasq.conf 
server=/in-addr.arpa/127.0.0.1
server=/cluster.local/127.0.0.1

[root node2 ~]# cat /etc/dnsmasq.d/origin-dns.conf 
no-resolv
domain-needed
no-negcache
max-cache-ttl=1
enable-dbus
bind-interfaces
listen-address=192.168.1.62

[root node2 ~]# cat /etc/dnsmasq.d/origin-upstream-dns.conf 
server=8.8.8.8


[root master ~]# oc get endpoints -n default
NAME               ENDPOINTS                                               AGE
docker-registry    10.130.0.35:5000                                        28d
registry-console                                                           28d
router             192.168.1.60:443,192.168.1.60:1936,192.168.1.60:80      28d


[root master ~]# oc describe endpoint kubernetes
the server doesn't have a resource type "endpoint"
[root master ~]# oc describe endpoints kubernetes -n default
Name:           kubernetes
Namespace:      default
Labels:         <none>
Subsets:
  Addresses:            192.168.1.60
  NotReadyAddresses:    <none>
  Ports:
    Name        Port    Protocol
    ----        ----    --------
    https       8443    TCP
    dns-tcp     8053    TCP
    dns         8053    UDP

No events.

[root master ~]# dig @192.168.1.60 -p 8053 openshift.default.svc

; <<>> DiG 9.9.4-RedHat-9.9.4-50.el7_3.1 <<>> @192.168.1.60 -p 8053 openshift.default.svc
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 17462
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;openshift.default.svc.         IN      A

;; Query time: 0 msec
;; SERVER: 192.168.1.60#8053(192.168.1.60)
;; WHEN: Wed Aug 09 15:58:47 BST 2017
;; MSG SIZE  rcvd: 39

[root master ~]# dig @192.168.1.60 openshift.default.svc

; <<>> DiG 9.9.4-RedHat-9.9.4-50.el7_3.1 <<>> @192.168.1.60 openshift.default.svc
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 63443
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;openshift.default.svc.         IN      A

;; Query time: 0 msec
;; SERVER: 192.168.1.60#53(192.168.1.60)
;; WHEN: Wed Aug 09 15:58:51 BST 2017
;; MSG SIZE  rcvd: 39

[root master ~]# oc get service -n default
NAME               CLUSTER-IP       EXTERNAL-IP   PORT(S)                   AGE
docker-registry    172.30.76.8      <none>        5000/TCP                  28d
kubernetes         172.30.0.1       <none>        443/TCP,53/UDP,53/TCP     28d
registry-console   172.30.244.187   <none>        9000/TCP                  28d
router             172.30.46.239    <none>        80/TCP,443/TCP,1936/TCP   28d

[root master ~]# oc describe service kubernetes -n default
Name:                   kubernetes
Namespace:              default
Labels:                 component=apiserver
                        provider=kubernetes
Selector:               <none>
Type:                   ClusterIP
IP:                     172.30.0.1
Port:                   https   443/TCP
Endpoints:              192.168.1.60:8443
Port:                   dns     53/UDP
Endpoints:              192.168.1.60:8053
Port:                   dns-tcp 53/TCP
Endpoints:              192.168.1.60:8053
Session Affinity:       ClientIP
No events.

[root master ~]# ss -tunlpa |egrep '(:53|:8053)'
udp    UNCONN     0      0         *:8053                  *:*                   users:(("openshift",pid=2623,fd=84))
udp    UNCONN     0      0      192.168.1.60:53                    *:*                   users:(("dnsmasq",pid=1253,fd=4))
tcp    LISTEN     0      128       *:8053                  *:*                   users:(("openshift",pid=2623,fd=87))
tcp    LISTEN     0      5      192.168.1.60:53                    *:*                   users:(("dnsmasq",pid=1253,fd=5))


[root master ~]# ps aux |grep 2623
root       2623  2.9  3.9 1796052 313836 ?      Ssl  Aug08  49:32 /usr/bin/openshift start master --config=/etc/origin/master/master-config.yaml --loglevel=2
root      18338  0.0  0.0 112648   964 pts/0    S+   16:03   0:00 grep --color=auto 2623



what am I missing here? 


On 9 August 2017 at 14:38, Gabe Montero <gmontero redhat com> wrote:


On Wed, Aug 9, 2017 at 4:55 AM, Thorvald Hallvardsson <thorvald hallvardsson gmail com> wrote:
Hi,

Thank you for your update.

As you can clearly see from my previous email I'm running OpenShift 3.5:
# oc version
oc v1.5.1
kubernetes v1.5.2+43a9be4
features: Basic-Auth GSSAPI Kerberos SPNEGO

# origin version
origin v1.5.1
kubernetes v1.5.2+43a9be4
etcd 3.1.0

Ah - apologies I missed that !


Regarding your question and suggestions around OAUTH I ran official openshift jenkins2 ephemeral template and that either doesn't work. 

OK thanks for confirming that.  Depending on how debug progresses, we may need `oc get sa jenkins -o yaml` to ensure the redirect annotation
is correct. 

But for now, in revisiting your jenkins pod log and comparing with a jenkins start where the oauth auto config succeeds, your default client ID
is null, where it should be something like "system:serviceaccount:myproject:jenkins"

That stems from the second thing I missed in your prior debug datat ... jenkins pod logs .... the exception

Aug  8 16:38:26 master journal: java.net.UnknownHostException: openshift.default.svc

when we tried to access the master in order to construct the default client id.  That host name should be resolvable on any typical openshift pod.

There are a few possibilities as to why that would occur.

To narrow down, let's start with the contents of the /etc/resolv.conf and /etc/hosts.conf files in your jenkins pod.

thanks
 

some data:

[root master ~]# oc get pods
NAME              READY     STATUS    RESTARTS   AGE
jenkins-1-j267m   1/1       Running   0          5m
[root master ~]# oc describe pod jenkins-1-j267m
Name:                   jenkins-1-j267m
Namespace:              jenkins
Security Policy:        restricted
Node:                   node2.hr4.local/192.168.1.62
Start Time:             Wed, 09 Aug 2017 09:39:29 +0100
Labels:                 deployment=jenkins-1
                        deploymentconfig=jenkins
                        name=jenkins
Status:                 Running
IP:                     10.129.0.26
Controllers:            ReplicationController/jenkins-1
Containers:
  jenkins:
    Container ID:       docker://22573e42063109528896bdeb7de54f45c7251d71c3ae2321a1d6fea94404d01f
    Image:              openshift/jenkins-2-centos7 sha256:ad29fc43c3f9015a0fdbb3f3ba366ff511303f7f3a0bbb1bc4652ecf70eb3712
    Port:
    Limits:
      memory:   1Gi
    Requests:
      memory:           1Gi
    State:              Running
      Started:          Wed, 09 Aug 2017 09:41:59 +0100
    Ready:              True
    Restart Count:      0
    Liveness:           http-get http://:8080/login delay=420s timeout=3s period=10s #success=1 #failure=30
    Readiness:          http-get http://:8080/login delay=3s timeout=3s period=10s #success=1 #failure=3
    Volume Mounts:
      /var/lib/jenkins from jenkins-data (rw)
      /var/run/secrets/kubernetes.io/serviceaccount from jenkins-token-txv72 (ro)
    Environment Variables:
      OPENSHIFT_ENABLE_OAUTH:           true
      OPENSHIFT_ENABLE_REDIRECT_PROMPT: true
      OPENSHIFT_JENKINS_JVM_ARCH:       x86_64
      KUBERNETES_MASTER:                https://kubernetes.default:443
      KUBERNETES_TRUST_CERTIFICATES:    true
      JNLP_SERVICE_NAME:                jenkins-jnlp
Conditions:
  Type          Status
  Initialized   True 
  Ready         True 
  PodScheduled  True 
Volumes:
  jenkins-data:
    Type:       EmptyDir (a temporary directory that shares a pod's lifetime)
    Medium:
  jenkins-token-txv72:
    Type:       Secret (a volume populated by a Secret)
    SecretName: jenkins-token-txv72
QoS Class:      Burstable
Tolerations:    <none>
Events:
  FirstSeen     LastSeen        Count   From                            SubObjectPath                   Type            Reason          Message
  ---------     --------        -----   ----                            -------------                   --------        ------          -------
  5m            5m              1       {default-scheduler }                                            Normal          Scheduled       Successfully assigned jenkins-1-j267m to node2.hr4.local
  5m            5m              1       {kubelet node2.hr4.local}       spec.containers{jenkins}        Normal          Pulling         pulling image "openshift/jenkins-2-centos7 sha256:ad29fc43c3f9015a0fdbb3f3ba366ff511303f7f3a0bbb1bc4652ecf70eb3712"
  2m            2m              1       {kubelet node2.hr4.local}       spec.containers{jenkins}        Normal          Pulled          Successfully pulled image "openshift/jenkins-2-centos7 sha256:ad29fc43c3f9015a0fdbb3f3ba366ff511303f7f3a0bbb1bc4652ecf70eb3712"
  2m            2m              1       {kubelet node2.hr4.local}       spec.containers{jenkins}        Normal          Created         Created container with docker id 22573e420631; Security:[seccomp=unconfined]
  2m            2m              1       {kubelet node2.hr4.local}       spec.containers{jenkins}        Normal          Started         Started container with docker id 22573e420631
  2m            1m              5       {kubelet node2.hr4.local}       spec.containers{jenkins}        Warning         Unhealthy       Readiness probe failed: HTTP probe failed with statuscode: 503
  1m            23s             6       {kubelet node2.hr4.local}       spec.containers{jenkins}        Warning         Unhealthy       Readiness probe failed: Get http://10.129.0.26:8080/login: net/http: request canceled (Client.Timeout exceeded while awaiting headers)

[root node2 ~]# docker inspect 22573e420631
[
    {
        "Id": "22573e42063109528896bdeb7de54f45c7251d71c3ae2321a1d6fea94404d01f",
        "Created": "2017-08-09T08:41:58.321766924Z",
        "Path": "/usr/libexec/s2i/run",
        "Args": [],
        "State": {
            "Status": "running",
            "Running": true,
            "Paused": false,
            "Restarting": false,
            "OOMKilled": false,
            "Dead": false,
            "Pid": 99830,
            "ExitCode": 0,
            "Error": "",
            "StartedAt": "2017-08-09T08:41:59.594662533Z",
            "FinishedAt": "0001-01-01T00:00:00Z"
        },
        "Image": "sha256:8dda791f1c46d2ea35867fd1fa89e64519f0bda17b1d26b2ac6cf92bc8966268",
        "ResolvConfPath": "/var/lib/docker/containers/59d10a28ec1b911ef5b38f1e42d5b1178681e5c488678c7002a36e844519b40b/resolv.conf",
        "HostnamePath": "/var/lib/docker/containers/59d10a28ec1b911ef5b38f1e42d5b1178681e5c488678c7002a36e844519b40b/hostname",
        "HostsPath": "/var/lib/origin/openshift.local.volumes/pods/42102c09-7cde-11e7-9a6c-525400c269f8/etc-hosts",
        "LogPath": "",
        "Name": "/k8s_jenkins.ca203105_jenkins-1-j267m_jenkins_42102c09-7cde-11e7-9a6c-525400c269f8_b0e27732",
        "RestartCount": 0,
        "Driver": "devicemapper",
        "MountLabel": "system_u:object_r:svirt_sandbox_file_t:s0:c10,c0",
        "ProcessLabel": "system_u:system_r:svirt_lxc_net_t:s0:c10,c0",
        "AppArmorProfile": "",
        "ExecIDs": null,
        "HostConfig": {
            "Binds": [
                "/var/lib/origin/openshift.local.volumes/pods/42102c09-7cde-11e7-9a6c-525400c269f8/volumes/kubernetes.io~empty-dir/jenkins-data:/var/lib/jenkins:Z",
                "/var/lib/origin/openshift.local.volumes/pods/42102c09-7cde-11e7-9a6c-525400c269f8/volumes/kubernetes.io~secret/jenkins-token-txv72:/var/run/secrets/kubernetes.io/serviceaccount:ro,Z",
                "/var/lib/origin/openshift.local.volumes/pods/42102c09-7cde-11e7-9a6c-525400c269f8/etc-hosts:/etc/hosts:Z",
                "/var/lib/origin/openshift.local.volumes/pods/42102c09-7cde-11e7-9a6c-525400c269f8/containers/jenkins/b0e27732:/dev/termination-log:Z"
            ],
            "ContainerIDFile": "",
            "LogConfig": {
                "Type": "journald",
                "Config": {}
            },
            "NetworkMode": "container:59d10a28ec1b911ef5b38f1e42d5b1178681e5c488678c7002a36e844519b40b",
            "PortBindings": null,
            "RestartPolicy": {
                "Name": "",
                "MaximumRetryCount": 0
            },
            "AutoRemove": false,
            "VolumeDriver": "",
            "VolumesFrom": null,
            "CapAdd": null,
            "CapDrop": [
                "KILL",
                "MKNOD",
                "SETGID",
                "SETUID",
                "SYS_CHROOT"
            ],
            "Dns": null,
            "DnsOptions": null,
            "DnsSearch": null,
            "ExtraHosts": null,
            "GroupAdd": [
                "1000090000"
            ],
            "IpcMode": "container:59d10a28ec1b911ef5b38f1e42d5b1178681e5c488678c7002a36e844519b40b",
            "Cgroup": "",
            "Links": null,
            "OomScoreAdj": 730,
            "PidMode": "",
            "Privileged": false,
            "PublishAllPorts": false,
            "ReadonlyRootfs": false,
            "SecurityOpt": [
                "seccomp=unconfined",
                "label=level:s0:c10,c0"
            ],
            "UTSMode": "",
            "UsernsMode": "",
            "ShmSize": 67108864,
            "Runtime": "docker-runc",
            "ConsoleSize": [
                0,
                0
            ],
            "Isolation": "",
            "CpuShares": 2,
            "Memory": 1073741824,
            "CgroupParent": "",
            "BlkioWeight": 0,
            "BlkioWeightDevice": null,
            "BlkioDeviceReadBps": null,
            "BlkioDeviceWriteBps": null,
            "BlkioDeviceReadIOps": null,
            "BlkioDeviceWriteIOps": null,
            "CpuPeriod": 0,
            "CpuQuota": 0,
            "CpusetCpus": "",
            "CpusetMems": "",
            "Devices": [],
            "DiskQuota": 0,
            "KernelMemory": 0,
            "MemoryReservation": 0,
            "MemorySwap": -1,
            "MemorySwappiness": -1,
            "OomKillDisable": false,
            "PidsLimit": 0,
            "Ulimits": null,
            "CpuCount": 0,
            "CpuPercent": 0,
            "IOMaximumIOps": 0,
            "IOMaximumBandwidth": 0
        },
        "GraphDriver": {
            "Name": "devicemapper",
            "Data": {
                "DeviceId": "956",
                "DeviceName": "docker-253:0-2491527-6352b1d19f04272bc621e44bcf1b49f4a832886bdfb1d30359bae7b458fc0bb8",
                "DeviceSize": "10737418240"
            }
        },
        "Mounts": [
            {
                "Source": "/var/lib/origin/openshift.local.volumes/pods/42102c09-7cde-11e7-9a6c-525400c269f8/volumes/kubernetes.io~empty-dir/jenkins-data",
                "Destination": "/var/lib/jenkins",
                "Mode": "Z",
                "RW": true,
                "Propagation": "rprivate"
            },
            {
                "Source": "/var/lib/origin/openshift.local.volumes/pods/42102c09-7cde-11e7-9a6c-525400c269f8/volumes/kubernetes.io~secret/jenkins-token-txv72",
                "Destination": "/var/run/secrets/kubernetes.io/serviceaccount",
                "Mode": "ro,Z",
                "RW": false,
                "Propagation": "rprivate"
            },
            {
                "Source": "/var/lib/origin/openshift.local.volumes/pods/42102c09-7cde-11e7-9a6c-525400c269f8/etc-hosts",
                "Destination": "/etc/hosts",
                "Mode": "Z",
                "RW": true,
                "Propagation": "rprivate"
            },
            {
                "Source": "/var/lib/origin/openshift.local.volumes/pods/42102c09-7cde-11e7-9a6c-525400c269f8/containers/jenkins/b0e27732",
                "Destination": "/dev/termination-log",
                "Mode": "Z",
                "RW": true,
                "Propagation": "rprivate"
            }
        ],
        "Config": {
            "Hostname": "jenkins-1-j267m",
            "Domainname": "",
            "User": "1000090000",
            "AttachStdin": false,
            "AttachStdout": false,
            "AttachStderr": false,
            "ExposedPorts": {
                "50000/tcp": {},
                "8080/tcp": {}
            },
            "Tty": false,
            "OpenStdin": false,
            "StdinOnce": false,
            "Env": [
                "OPENSHIFT_ENABLE_OAUTH=true",
                "OPENSHIFT_ENABLE_REDIRECT_PROMPT=true",
                "OPENSHIFT_JENKINS_JVM_ARCH=x86_64",
                "KUBERNETES_MASTER=https://kubernetes.default:443",
                "KUBERNETES_TRUST_CERTIFICATES=true",
                "JNLP_SERVICE_NAME=jenkins-jnlp",
                "JENKINS_JNLP_PORT_50000_TCP_ADDR=172.30.98.196",
                "JENKINS_PORT=tcp://172.30.125.4:80",
                "KUBERNETES_PORT_53_UDP=udp://172.30.0.1:53",
                "KUBERNETES_PORT_53_TCP=tcp://172.30.0.1:53",
                "KUBERNETES_PORT_53_TCP_ADDR=172.30.0.1",
                "JENKINS_SERVICE_PORT_WEB=80",
                "JENKINS_JNLP_SERVICE_HOST=172.30.98.196",
                "KUBERNETES_SERVICE_PORT=443",
                "KUBERNETES_SERVICE_PORT_HTTPS=443",
                "KUBERNETES_SERVICE_PORT_DNS=53",
                "KUBERNETES_PORT_443_TCP_ADDR=172.30.0.1",
                "KUBERNETES_PORT_53_UDP_PROTO=udp",
                "KUBERNETES_PORT_53_UDP_PORT=53",
                "KUBERNETES_PORT_53_UDP_ADDR=172.30.0.1",
                "JENKINS_JNLP_SERVICE_PORT=50000",
                "JENKINS_JNLP_SERVICE_PORT_AGENT=50000",
                "JENKINS_JNLP_PORT_50000_TCP=tcp://172.30.98.196:50000",
                "JENKINS_PORT_80_TCP=tcp://172.30.125.4:80",
                "JENKINS_PORT_80_TCP_ADDR=172.30.125.4",
                "KUBERNETES_SERVICE_HOST=172.30.0.1",
                "KUBERNETES_PORT_443_TCP=tcp://172.30.0.1:443",
                "KUBERNETES_PORT_53_TCP_PROTO=tcp",
                "JENKINS_JNLP_PORT_50000_TCP_PROTO=tcp",
                "JENKINS_JNLP_PORT_50000_TCP_PORT=50000",
                "JENKINS_SERVICE_HOST=172.30.125.4",
                "JENKINS_PORT_80_TCP_PORT=80",
                "KUBERNETES_PORT_443_TCP_PORT=443",
                "JENKINS_JNLP_PORT=tcp://172.30.98.196:50000",
                "JENKINS_PORT_80_TCP_PROTO=tcp",
                "JENKINS_SERVICE_PORT=80",
                "KUBERNETES_PORT=tcp://172.30.0.1:443",
                "KUBERNETES_PORT_53_TCP_PORT=53",
                "KUBERNETES_SERVICE_PORT_DNS_TCP=53",
                "KUBERNETES_PORT_443_TCP_PROTO=tcp",
                "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
                "JENKINS_VERSION=2.46.3",
                "HOME=/var/lib/jenkins",
                "JENKINS_HOME=/var/lib/jenkins",
                "JENKINS_UC=https://updates.jenkins-ci.org",
                "LANG=en_US.UTF-8",
                "LC_ALL=en_US.UTF-8"
            ],
            "Cmd": [
                "/usr/libexec/s2i/run"
            ],
            "Image": "openshift/jenkins-2-centos7 sha256:ad29fc43c3f9015a0fdbb3f3ba366ff511303f7f3a0bbb1bc4652ecf70eb3712",
            "Volumes": {
                "/var/lib/jenkins": {}
            },
            "WorkingDir": "",
            "Entrypoint": null,
            "OnBuild": null,
            "Labels": {
                "build-date": "20170705",
                "io.kubernetes.container.hash": "ca203105",
                "io.kubernetes.container.name": "jenkins",
                "io.kubernetes.container.restartCount": "0",
                "io.kubernetes.container.terminationMessagePath": "/dev/termination-log",
                "io.kubernetes.pod.name": "jenkins-1-j267m",
                "io.kubernetes.pod.namespace": "jenkins",
                "io.kubernetes.pod.terminationGracePeriod": "30",
                "io.kubernetes.pod.uid": "42102c09-7cde-11e7-9a6c-525400c269f8",
                "io.openshift.builder-version": "fc9a5fc",
                "io.openshift.s2i.scripts-url": "image:///usr/libexec/s2i",
                "k8s.io.description": "Jenkins is a continuous integration server",
                "k8s.io.display-name": "Jenkins 2.46.3",
                "license": "GPLv2",
                "name": "CentOS Base Image",
                "openshift.io.expose-services": "8080:http",
                "openshift.io.tags": "jenkins,jenkins2,ci",
                "vendor": "CentOS"
            }
        },
        "NetworkSettings": {
            "Bridge": "",
            "SandboxID": "",
            "HairpinMode": false,
            "LinkLocalIPv6Address": "",
            "LinkLocalIPv6PrefixLen": 0,
            "Ports": null,
            "SandboxKey": "",
            "SecondaryIPAddresses": null,
            "SecondaryIPv6Addresses": null,
            "EndpointID": "",
            "Gateway": "",
            "GlobalIPv6Address": "",
            "GlobalIPv6PrefixLen": 0,
            "IPAddress": "",
            "IPPrefixLen": 0,
            "IPv6Gateway": "",
            "MacAddress": "",
            "Networks": null
        }
    }
]

So I think everything is as it should I believe... but OAUTH doesn't work I got jenkins login screen when I click on the jenkins URL.

On 8 August 2017 at 18:51, Gabe Montero <gmontero redhat com> wrote:


On Tue, Aug 8, 2017 at 11:43 AM, Thorvald Hallvardsson <thorvald hallvardsson gmail com> wrote:
Hi,

I found the problem with Siamak git repo. Plugins.txt refers to blueocean 1.0.0 which doesn't exist anymore. I forked his repo and changed that to 1.0.1 and it builds fine now however I have an OAUTH issues still even on the blueocean image. 


This is a bit of interesting log I found:
Aug  8 16:38:26 master journal: Aug 08, 2017 3:38:26 PM org.openshift.jenkins.plugins.openshiftlogin.OpenShiftSetOAuth setOauth
Aug  8 16:38:26 master journal: INFO: OpenShift OAuth: enable oauth set to true force false lastCheck Tue Aug 08 15:38:16 UTC 2017
Aug  8 16:38:26 master journal: Aug 08, 2017 3:38:26 PM org.openshift.jenkins.plugins.openshiftlogin.OpenShiftSetOAuth setOauth
Aug  8 16:38:26 master journal: INFO: OpenShift OAuth: configured security realm on startup: hudson.security.HudsonPrivateSecurityRealm 41464f last check Tue Aug 08 15:38:16 UTC 2017
Aug  8 16:38:26 master journal: Aug 08, 2017 3:38:26 PM org.openshift.jenkins.plugins.openshiftlogin.OpenShiftOAuth2SecurityRealm populateDefaults
Aug  8 16:38:26 master journal: INFO: populateDefaults
Aug  8 16:38:26 master journal: java.net.UnknownHostException: openshift.default.svc
Aug  8 16:38:26 master journal: #011at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:184)
Aug  8 16:38:26 master journal: #011at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
Aug  8 16:38:26 master journal: #011at java.net.Socket.connect(Socket.java:589)
Aug  8 16:38:26 master journal: #011at sun.security.ssl.SSLSocketImpl.connect(SSLSocketImpl.java:673)
Aug  8 16:38:26 master journal: #011at sun.net.NetworkClient.doConnect(NetworkClient.java:175)
Aug  8 16:38:26 master journal: #011at sun.net.www.http.HttpClient.openServer(HttpClient.java:463)
Aug  8 16:38:26 master journal: #011at sun.net.www.http.HttpClient.openServer(HttpClient.java:558)
Aug  8 16:38:26 master journal: #011at sun.net.www.protocol.https.HttpsClient.<init>(HttpsClient.java:264)
Aug  8 16:38:26 master journal: #011at sun.net.www.protocol.https.HttpsClient.New(HttpsClient.java:367)
Aug  8 16:38:26 master journal: #011at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.getNewHttpClient(AbstractDelegateHttpsURLConnection.java:191)
Aug  8 16:38:26 master journal: #011at sun.net.www.protocol.http.HttpURLConnection.plainConnect0(HttpURLConnection.java:1138)
Aug  8 16:38:26 master journal: #011at sun.net.www.protocol.http.HttpURLConnection.plainConnect(HttpURLConnection.java:1032)
Aug  8 16:38:26 master journal: #011at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:177)
Aug  8 16:38:26 master journal: #011at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:153)
Aug  8 16:38:26 master journal: #011at com.google.api.client.http.javanet.NetHttpRequest.execute(NetHttpRequest.java:93)
Aug  8 16:38:26 master journal: #011at com.google.api.client.http.HttpRequest.execute(HttpRequest.java:972)
Aug  8 16:38:26 master journal: #011at org.openshift.jenkins.plugins.openshiftlogin.OpenShiftOAuth2SecurityRealm.getOpenShiftUserInfo(OpenShiftOAuth2SecurityRealm.java:489)
Aug  8 16:38:26 master journal: #011at org.openshift.jenkins.plugins.openshiftlogin.OpenShiftOAuth2SecurityRealm.populateDefaults(OpenShiftOAuth2SecurityRealm.java:337)
Aug  8 16:38:26 master journal: #011at org.openshift.jenkins.plugins.openshiftlogin.OpenShiftOAuth2SecurityRealm.<init>(OpenShiftOAuth2SecurityRealm.java:273)
Aug  8 16:38:26 master journal: #011at org.openshift.jenkins.plugins.openshiftlogin.OpenShiftSetOAuth.setOauth(OpenShiftSetOAuth.java:69)
Aug  8 16:38:26 master journal: #011at org.openshift.jenkins.plugins.openshiftlogin.OpenShiftPermissionFilter.doFilter(OpenShiftPermissionFilter.java:106)
Aug  8 16:38:26 master journal: #011at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:132)
Aug  8 16:38:26 master journal: #011at org.jenkinsci.plugins.ssegateway.Endpoint$SSEListenChannelFilter.doFilter(Endpoint.java:225)
Aug  8 16:38:26 master journal: #011at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:132)
Aug  8 16:38:26 master journal: #011at com.cloudbees.jenkins.support.slowrequest.SlowRequestFilter.doFilter(SlowRequestFilter.java:38)
Aug  8 16:38:26 master journal: #011at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:132)
Aug  8 16:38:26 master journal: #011at io.jenkins.blueocean.ResourceCacheControl.doFilter(ResourceCacheControl.java:134)
Aug  8 16:38:26 master journal: #011at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:132)
Aug  8 16:38:26 master journal: #011at jenkins.metrics.impl.MetricsFilter.doFilter(MetricsFilter.java:125)
Aug  8 16:38:26 master journal: #011at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:132)
Aug  8 16:38:26 master journal: #011at hudson.util.PluginServletFilter.doFilter(PluginServletFilter.java:126)
Aug  8 16:38:26 master journal: #011at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
Aug  8 16:38:26 master journal: #011at hudson.security.csrf.CrumbFilter.doFilter(CrumbFilter.java:49)
Aug  8 16:38:26 master journal: #011at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
Aug  8 16:38:26 master journal: #011at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:84)
Aug  8 16:38:26 master journal: #011at hudson.security.UnwrapSecurityExceptionFilter.doFilter(UnwrapSecurityExceptionFilter.java:51)
Aug  8 16:38:26 master journal: #011at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
Aug  8 16:38:26 master journal: #011at jenkins.security.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:117)
Aug  8 16:38:26 master journal: #011at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
Aug  8 16:38:26 master journal: #011at org.acegisecurity.providers.anonymous.AnonymousProcessingFilter.doFilter(AnonymousProcessingFilter.java:125)
Aug  8 16:38:26 master journal: #011at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
Aug  8 16:38:26 master journal: #011at org.acegisecurity.ui.rememberme.RememberMeProcessingFilter.doFilter(RememberMeProcessingFilter.java:135)
Aug  8 16:38:26 master journal: #011at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
Aug  8 16:38:26 master journal: #011at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:271)
Aug  8 16:38:26 master journal: Aug 08, 2017 3:38:26 PM org.openshift.jenkins.plugins.openshiftlogin.OpenShiftOAuth2SecurityRealm populateDefaults
Aug  8 16:38:26 master journal: INFO: OpenShift OAuth returning false with namespace ci SA dir null default /run/secrets/kubernetes.io/serviceaccount SA name null default null client ID
 null default null secret null default [LONG STRING HERE] redirect null default null server null default https:
//openshift.default.svc
Aug  8 16:38:26 master journal: Aug 08, 2017 3:38:26 PM org.openshift.jenkins.plugins.openshiftlogin.OpenShiftOAuth2SecurityRealm populateDefaults
Aug  8 16:38:26 master journal: INFO: populateDefaults
Aug  8 16:38:26 master journal: java.net.UnknownHostException: openshift.default.svc
Aug  8 16:38:26 master journal: #011at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:184)
Aug  8 16:38:26 master journal: #011at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
Aug  8 16:38:26 master journal: #011at java.net.Socket.connect(Socket.java:589)
Aug  8 16:38:26 master journal: #011at sun.security.ssl.SSLSocketImpl.connect(SSLSocketImpl.java:673)
Aug  8 16:38:26 master journal: #011at sun.net.NetworkClient.doConnect(NetworkClient.java:175)
Aug  8 16:38:26 master journal: #011at sun.net.www.http.HttpClient.openServer(HttpClient.java:463)
Aug  8 16:38:26 master journal: #011at sun.net.www.http.HttpClient.openServer(HttpClient.java:558)
Aug  8 16:38:26 master journal: #011at sun.net.www.protocol.https.HttpsClient.<init>(HttpsClient.java:264)
Aug  8 16:38:26 master journal: #011at sun.net.www.protocol.https.HttpsClient.New(HttpsClient.java:367)
Aug  8 16:38:26 master journal: #011at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.getNewHttpClient(AbstractDelegateHttpsURLConnection.java:191)
Aug  8 16:38:26 master journal: #011at sun.net.www.protocol.http.HttpURLConnection.plainConnect0(HttpURLConnection.java:1138)
Aug  8 16:38:26 master journal: #011at sun.net.www.protocol.http.HttpURLConnection.plainConnect(HttpURLConnection.java:1032)
Aug  8 16:38:26 master journal: #011at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:177)
Aug  8 16:38:26 master journal: #011at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:153)
Aug  8 16:38:26 master journal: #011at com.google.api.client.http.javanet.NetHttpRequest.execute(NetHttpRequest.java:93)
Aug  8 16:38:26 master journal: #011at com.google.api.client.http.HttpRequest.execute(HttpRequest.java:972)
Aug  8 16:38:26 master journal: #011at org.openshift.jenkins.plugins.openshiftlogin.OpenShiftOAuth2SecurityRealm.getOpenShiftUserInfo(OpenShiftOAuth2SecurityRealm.java:489)
Aug  8 16:38:26 master journal: #011at org.openshift.jenkins.plugins.openshiftlogin.OpenShiftOAuth2SecurityRealm.populateDefaults(OpenShiftOAuth2SecurityRealm.java:337)
Aug  8 16:38:26 master journal: #011at org.openshift.jenkins.plugins.openshiftlogin.OpenShiftSetOAuth.setOauth(OpenShiftSetOAuth.java:73)
Aug  8 16:38:26 master journal: #011at org.openshift.jenkins.plugins.openshiftlogin.OpenShiftPermissionFilter.doFilter(OpenShiftPermissionFilter.java:106)
Aug  8 16:38:26 master journal: #011at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:132)
Aug  8 16:38:26 master journal: #011at org.jenkinsci.plugins.ssegateway.Endpoint$SSEListenChannelFilter.doFilter(Endpoint.java:225)
Aug  8 16:38:26 master journal: #011at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:132)
Aug  8 16:38:26 master journal: #011at com.cloudbees.jenkins.support.slowrequest.SlowRequestFilter.doFilter(SlowRequestFilter.java:38)
Aug  8 16:38:26 master journal: #011at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:132)
Aug  8 16:38:26 master journal: #011at io.jenkins.blueocean.ResourceCacheControl.doFilter(ResourceCacheControl.java:134)
Aug  8 16:38:26 master journal: #011at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:132)
Aug  8 16:38:26 master journal: #011at jenkins.metrics.impl.MetricsFilter.doFilter(MetricsFilter.java:125)
Aug  8 16:38:26 master journal: #011at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:132)
Aug  8 16:38:26 master journal: #011at hudson.util.PluginServletFilter.doFilter(PluginServletFilter.java:126)
Aug  8 16:38:26 master journal: #011at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
Aug  8 16:38:26 master journal: #011at hudson.security.csrf.CrumbFilter.doFilter(CrumbFilter.java:49)
Aug  8 16:38:26 master journal: #011at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
Aug  8 16:38:26 master journal: #011at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:84)
Aug  8 16:38:26 master journal: #011at hudson.security.UnwrapSecurityExceptionFilter.doFilter(UnwrapSecurityExceptionFilter.java:51)
Aug  8 16:38:26 master journal: #011at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
Aug  8 16:38:26 master journal: #011at jenkins.security.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:117)
Aug  8 16:38:26 master journal: #011at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
Aug  8 16:38:26 master journal: #011at org.acegisecurity.providers.anonymous.AnonymousProcessingFilter.doFilter(AnonymousProcessingFilter.java:125)
Aug  8 16:38:26 master journal: #011at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
Aug  8 16:38:26 master journal: #011at org.acegisecurity.ui.rememberme.RememberMeProcessingFilter.doFilter(RememberMeProcessingFilter.java:135)
Aug  8 16:38:26 master journal: #011at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
Aug  8 16:38:26 master journal: #011at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:271)
Aug  8 16:38:26 master journal: #011at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
Aug  8 16:38:26 master journal: #011at jenkins.security.BasicHeaderProcessor.doFilter(BasicHeaderProcessor.java:93)
Aug  8 16:38:26 master journal: #011at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
Aug  8 16:38:26 master journal: #011at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249)
Aug  8 16:38:26 master journal: #011at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:67)
Aug  8 16:38:26 master journal: #011at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
Aug  8 16:38:26 master journal: #011at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:76)
Aug  8 16:38:26 master journal: #011at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:171)
Aug  8 16:38:26 master journal: #011at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
Aug  8 16:38:26 master journal: #011at org.kohsuke.stapler.compression.CompressionFilter.doFilter(CompressionFilter.java:49)
Aug  8 16:38:26 master journal: #011at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
Aug  8 16:38:26 master journal: #011at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:82)
Aug  8 16:38:26 master journal: #011at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
Aug  8 16:38:26 master journal: #011at org.kohsuke.stapler.DiagnosticThreadNameFilter.doFilter(DiagnosticThreadNameFilter.java:30)
Aug  8 16:38:26 master journal: #011at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
Aug  8 16:38:26 master journal: #011at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:585)
Aug  8 16:38:26 master journal: #011at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143)
Aug  8 16:38:26 master journal: #011at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:553)
Aug  8 16:38:26 master journal: #011at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:223)
Aug  8 16:38:26 master journal: #011at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1127)
Aug  8 16:38:26 master journal: #011at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:515)
Aug  8 16:38:26 master journal: #011at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185)
Aug  8 16:38:26 master journal: #011at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1061)
Aug  8 16:38:26 master journal: #011at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
Aug  8 16:38:26 master journal: #011at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:97)
Aug  8 16:38:26 master journal: #011at org.eclipse.jetty.server.Server.handle(Server.java:499)
Aug  8 16:38:26 master journal: #011at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:311)
Aug  8 16:38:26 master journal: #011at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:257)
Aug  8 16:38:26 master journal: #011at org.eclipse.jetty.io.AbstractConnection$2.run(AbstractConnection.java:544)
Aug  8 16:38:26 master journal: #011at winstone.BoundedExecutorService$1.run(BoundedExecutorService.java:77)
Aug  8 16:38:26 master journal: #011at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
Aug  8 16:38:26 master journal: #011at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
Aug  8 16:38:26 master journal: #011at java.lang.Thread.run(Thread.java:748)
Aug  8 16:38:26 master journal: 
Aug  8 16:38:26 master journal: Aug 08, 2017 3:38:26 PM org.openshift.jenkins.plugins.openshiftlogin.OpenShiftOAuth2SecurityRealm populateDefaults
Aug  8 16:38:26 master journal: INFO: OpenShift OAuth returning false with namespace ci SA dir null default /run/secrets/kubernetes.io/serviceaccount SA name null default null client ID null default null secret null default [LONG STRING HERE] redirect null default null server null default https://openshift.default.svc
Aug  8 16:38:26 master journal: Aug 08, 2017 3:38:26 PM org.openshift.jenkins.plugins.openshiftlogin.OpenShiftSetOAuth setOauth
Aug  8 16:38:26 master journal: INFO: OpenShift OAuth: running in OpenShift pod with required OAuth features: false


# oc version
oc v1.5.1
kubernetes v1.5.2+43a9be4
features: Basic-Auth GSSAPI Kerberos SPNEGO


I think I will just come back to version 3.2 and 3.3 as I didn't have any issues with any of these versions... since version 3.4 I just constantly run into more and more issues :/.

To run with the openshift jenkins oauth integration (i.e. our "login" plugin) with the openshift oauth server running in an openshift master, if you run with a pre-3.4 master, you have to manually
configure the plugin in the jenkins image to talk with the oauth server, and you had to manually add the jenkins service to the oauth whitelist on the master.

From what I'm gathering here you did not previously do that.

With a master at 3.4 or beyond, aside from not having the configure the login plugin out of the box if jenkins is running in an openshift pod, the templates we shipped for jenkins
in 3.4 and beyond leverage a new annotation provided by to the oauth server that allows the bypassing of the manual whitelist update.

Based on the pod logs you posted, either a) your jenkins image is not running in an openshift pod, b) it was a pod instantiated with a pre-3.4 template, or c) you are running
against a pre-3.4 openshift master.  Because of that, we cannot autoconfigure the oauth integration and fall back to the default jenkins authentication.


Thank you for your help.


On 8 August 2017 at 16:35, Ben Parees <bparees redhat com> wrote:


On Tue, Aug 8, 2017 at 10:52 AM, Thorvald Hallvardsson <thorvald hallvardsson gmail com> wrote:
Hi,

I'm trying to run jenkins on OpenShift to integrate it nicely with pipelines and OAUTH. I have done that in the past and it was all working but I'm trying to reproduce what I used to do before and it simply doesn't work. I don't know why but from one version to another OpenShift is becominbg more and more pain. 

I was following official blog article https://blog.openshift.com/openshift-pipelines-jenkins-blue-ocean/ which used to work however jenkins changed something now and that build simply doesn't work anymore:
Cloning "https://github.com/siamaksade/jenkins-blueocean.git" ...
WARNING: timed out waiting for git server, will wait 1m4s
Commit: 70cff8557908b592d291e6ea0b3a018069b61324 (updated README)
Author: Siamak Sadeghianfar <ssadeghi redhat com>
Date: Thu Apr 6 18:48:41 2017 +0700
---> Copying repository files ...
---> Installing Jenkins 0 plugins using /opt/openshift/plugins.txt ...
Creating initial locks...
Locking blueocean:1.0.0
Analyzing war...
Downloading plugins...
Downloading plugin: blueocean from https://updates.jenkins-ci.org/download/plugins/blueocean/1.0.0/blueocean.hpi
Downloading plugin: blueocean-plugin from https://updates.jenkins-ci.org/download/plugins/blueocean-plugin/1.0.0/blueocean-plugin.hpi
Failed to download plugin: blueocean or blueocean-plugin
Failed to install plugins.
error: build error: non-zero (13) exit code from openshift/jenkins-2-centos7 sha256:ad29fc43c3f9015a0fdbb3f3ba366ff511303f7f3a0bbb1bc4652ecf70eb3712

Simply because second link drops 404... blueocean-plugin.hpi doesn't exist anymore. 

Sounds like some stuff has bit-rotted in that blog, CCing Siamak in case he has time to update it.

But note that we do already install blue ocean in our jenkins centos image and we'll be adding it to our rhel image most likely in 3.7.

 


I decided OK... I don't need blueocean so I will just go for standard Jenkins from OpenShift templates. That did install successfuly but when I click on the link it asks for username and password (on Jenkins screen) so simply OAUTH doesn't work at all. 

The pod has 
# oc exec jenkins-1-28l8x env |grep -i auth
OPENSHIFT_ENABLE_OAUTH=true

it is running but ... yeah how do I integrate it with my pipelines? Any ideas?

Gabe and Mo (on CC) have added some debug for oauth flow failures, what version of openshift are you running and can you provide openshift master logs and jenkins pod logs?


 

Thanks!

_______________________________________________
users mailing list
...

[Message clipped]  


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]