Deployment is getting stuck

[poojasharma6]

Jobs log :

Deploying packages to http://dev00:7120/crx/de/../.. Deploying /opt/app/workload/jenkins/ecms/data/jobs/testDeploy/workspace/aem-upperfunnel-apps-1.0.32-SNAPSHOT.zip to http://dev00:7120/crx/packmgr/index.jsp#/etc/packages/Upperfunnel/aem-upperfunnel-apps-1.0.32-SNAPSHOT.zip

After this it just gets stuck and there is nothing in Jenkins log as well.

I checked the connection from job configuration and it is successfull!!

I am using plugin version 1.5.3 AEM is 6.1 SP1

[adamcin]

Hi @poojasharma6 ,

1. was the plugin working for you before installing 1.5.3, or did you recently upgrade?
2. what version of Jenkins are you using, and what are the installed versions of Credentials, SSH Credentials, and Bouncycastle API Plugins ?
3. What is the size of aem-upperfunnel-apps-1.0.32-SNAPSHOT.zip ?
4. Are you connecting to your AEM instance through a reverse proxy like Apache, an F5, or an ELB?

What is the result of running this curl command? (Please redact any credentials or Authorization headers before pasting the output)

curl -u <user>:<pass> -v -Fcmd=delete -Fjcr:primaryType=adamcin:NoSuchType http://dev00:7120/crx/packmgr/service/exec.json/adamcin/no-such-package-1.0.0.zip

I expect to see something similar to the following:

$ curl -u admin:admin -v -Fcmd=delete -Fjcr:primaryType=adamcin:NoSuchType http://localhost:4502/crx/packmgr/service/exec.json/adamcin/no-such-package-1.0.0.zip
*   Trying ::1...
* connect to ::1 port 4502 failed: Connection refused
*   Trying 127.0.0.1...
* Connected to localhost (127.0.0.1) port 4502 (#0)
* Server auth using Basic with user 'admin'
> POST /crx/packmgr/service/exec.json/adamcin/no-such-package-1.0.0.zip HTTP/1.1
> Host: localhost:4502
> Authorization: Basic YWRtaW46YWRtaW4=
> User-Agent: curl/7.49.1
> Accept: */*
> Content-Length: 266
> Expect: 100-continue
> Content-Type: multipart/form-data; boundary=------------------------facded5317e05af0
>
< HTTP/1.1 100 Continue
< HTTP/1.1 200 OK
< Date: Tue, 18 Oct 2016 23:28:51 GMT
< Content-Type: application/json; charset=utf-8
< Content-Length: 36
< Server: Jetty(9.2.9.v20150224)
< X-Powered-By: Jetty(9.2.9.v20150224)
<
* Connection #0 to host localhost left intact
{"success":false,"msg":"no package"}

[poojasharma6]

This is what i got:

[enabler@dev00 workload]$ curl -u user:pass -Fcmd=delete -Fjcr:primaryType=adamcin:NoSuchType http://dev00:7120/crx/packmgr/service/exec.json/adamcin/no-such-package-1.0.0.zip {"success":false,"msg":"no package"}

[adamcin]

@poojasharma6 that's the expected response, but I need the answers to the other questions and I also need you to run that curl command with "-v" to see the verbose output.

[poojasharma6]

Apologies, I didn't see your response properly. Sorry for that. Here it is:

1. This is the first time I am using this plugin so 1.5.3 is the only version i have used
2. Jenkins: 2.19.1 Credentials: 2.1.6 SSH Credentials: 2.4 Bouncycastle API: 2.16.0
3. Package Size: 690.4 KB
4. reverse proxy like Apache, an F5, or an ELB? No
5. Curl -v output -

` $ curl -u admin:pass -v -Fcmd=delete -Fjcr:primaryType=adamcin:NoSuchType http://zlt07765.vci.att.com:7120/crx/packmgr/service/exec.json/adamcin/no-such-package-1.0.0.zip

• About to connect() to zlt07765.vci.att.com port 7120 (#0)
• Trying 135.47.218.214... connected
• Connected to zlt07765.vci.att.com (135.47.218.214) port 7120 (#0)
• Server auth using Basic with user 'admin'

  POST /crx/packmgr/service/exec.json/adamcin/no-such-package-1.0.0.zip HTTP/1.1 Authorization: Basic {redacted} User-Agent: curl/7.19.7 (x8664-redhat-linux-gnu) libcurl/7.19.7 NSS/3.18 Basic ECC zlib/1.2.3 libidn/1.18 libssh2/1.4.2 Host: zlt07765.vci.att.com:7120 Accept: /_ Content-Length: 266 Expect: 100-continue Content-Type: multipart/form-data; boundary=----------------------------aeab810ba693

  < HTTP/1.1 100 Continue < HTTP/1.1 200 OK < Server: Apache-Coyote/1.1 < Content-Type: application/json;charset=utf-8 < Content-Length: 36 < Date: Fri, 21 Oct 2016 15:00:12 GMT <

• Connection #0 to host zlt07765.vci.att.com left intact
• Closing connection #0 {"success":false,"msg":"no package"} `

Since this is working fine for publish instance, i tried to dig out the reason for why it is failing for author if I give just the base URL in the plugin. If I give baseURL followed by /crx/de/../.. , plugin test connection returns successfull - but still deployment hangs. I found out that we are using CSP login (somewhat like ldap integration) for both author and publish but it is used somewhat differently for author.

However, if i do installation through maven or curl on command line - passing admin credentials, it works perfectly fine. It fails when using the plugin :(

[adamcin]

Non-standard authentication schemes can definitely cause issues. Can you provide more detail:

1. Is it SSO based, like SAML, or is Oak configured to pass credentials to a backend CSP connection?
2. are you able to login as admin through CRX de lite?

[poojasharma6]

Hi, Yes, it is SSO based- via cookie. So, when i open CRX de lite on my local, it automatically logs me in as my user and then i login again as admin. However, if i run maven goal through Jenkins, i can pass admin credentials and the build runs fine. Same is the case with running curl command - directly or from jenkins

[adamcin]

It sounds like the SSO auth handler hijacks the /crx/de request, and may also be hijacking the post to /crx/j_security_check.

Can you try issuing the following curl command and paste the verbose output?

curl -v -dj_username=<user> -dj_password=<pass> -dj_validate=true -d_charset_=utf-8 http://zlt07765.vci.att.com:7120/crx/j_security_check

[poojasharma6]

Here is the output:

'$ curl -v -dj_username=admin -dj_password=pass -dj_validate=true -dcharset=utf-8 http://zlt07765.vci.att.com:7120/crx/j_security_check

• About to connect() to zlt07765.vci.att.com port 7120 (#0)
• Trying 135.47.218.214... connected
• Connected to zlt07765.vci.att.com (135.47.218.214) port 7120 (#0)

  POST /crx/j_security_check HTTP/1.1 User-Agent: curl/7.19.7 (x8664-redhat-linux-gnu) libcurl/7.19.7 NSS/3.18 Basic ECC zlib/1.2.3 libidn/1.18 libssh2/1.4.2 Host: zlt07765.vci.att.com:7120 Accept: /_ Content-Length: 71 Content-Type: application/x-www-form-urlencoded

  < HTTP/1.1 302 Moved Temporarily < Server: Apache-Coyote/1.1 < Location: https://www.e-access.att.com/empsvcs/hrpinmgt/pagLogin/?retURL=http%3A%2F%2Fzlt07765.vci.att.com%3A7120%2Fcrx%2Fj_security_check&sysName=AuthForCQ < Content-Length: 0 < Date: Mon, 24 Oct 2016 17:56:05 GMT <

• Connection #0 to host zlt07765.vci.att.com left intact
• Closing connection #0 '

[adamcin]

@poojasharma6 I've uploaded version 1.5.4 that should be available this evening with the ability to enable Preemptive Auth for Base Url patterns. Please upgrade and then navigate to Manage Jenkins -> Configure System -> section "CRX Content Package Deployer - HTTP Client", and enter "http" for the "Preempt Login for Base URLs". Then try your build again. You should see following message in the execution log:

[ALERT] Preemptive basic auth enabled for URL http://zlt07765.vci.att.com:7120

[adamcin]

@poojasharma6 Please upgrade to version 1.6 for this feature. It now works using regular expressions and has been tested on a master-slave jenkins installation.

[poojasharma6]

Hi @adamcin ,

I upgraded to 1.6 and as suggested by you, used Preemptive basic auth for HTTP but still deployment is getting stuck

I did not get any alert in job console logs like you indicated. That is when i went back and looked at the jenkins configuration for plugin and they are not there.

I try adding the configuration again and save but it vanishes.

There is nothing in Jenkins log indicating failure to save. Also, i do not see any plugin specific xml file created to save the settings

[adamcin]

@poojasharma6 I see my mistake. Version 1.6.2 is on its way.

[poojasharma6]

Let me know when its available please

[adamcin]

@poojasharma6 It's available. Please upgrade and let me know how it goes.

[poojasharma6]

Deployment to author is still getting stuck :(

[adamcin]

@poojasharma6 please paste the full execution log and your global plugin config. Thanks.

[poojasharma6]

Here is the execution log: Started by user anonymous [EnvInject] - Loading node environment variables. Building in workspace /opt/app/workload/jenkins/ecms/data/jobs/testDeploy/workspace [workspace] $ /bin/bash -e /tmp/env-testDeploy5327540386606299364.sh [environment-script] Adding variable 'pubServerPort' with value '7210' [environment-script] Adding variable 'pubServerName' with value 'dev00' [environment-script] Adding variable 'authServerPort' with value '7120' [environment-script] Adding variable 'authServerName' with value 'dev00' Deploying packages to http://zlt07765.vci.att.com:7120 [ALERT] Preemptive basic auth enabled for URL http://dev00:7120/

After this it get stuck and nothing happens

Attached is the global plugin config (change to .xml) org.jenkinsci.plugins.graniteclient.GraniteAHCFactory.txt

[adamcin]

@poojasharma6 what is the difference between dev00 and zlt07765.vci.att.com ?

[poojasharma6]

They are same , no difference. I changed that in the output to hide the real servername. But it seems I missed it somewhere :)

On Tue, Nov 1, 2016 at 6:20 PM, Mark Adamcin notifications@github.com wrote:

@poojasharma6 https://github.com/poojasharma6 what is the difference between dev00 and zlt07765.vci.att.com ?

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/adamcin/crx-content-package-deployer/issues/4#issuecomment-257716639, or mute the thread https://github.com/notifications/unsubscribe-auth/AVLJ5yXyCFgSn5CyFTV2YREbCxHyoV0uks5q57tHgaJpZM4KY0W1 .