Agents are connecting to localhost instead of my server URL

[ShubhamAgarwal1616]

I am trying to set up this plugin on GOCD version 20.2.0. I have provided my server URL in the elastic agent configuration under go_server_url key. Still, my ec2 agents are trying to connect to the localhost URL.

[v-sky]

Hi @ShubhamAgarwal1616! I think you may not configured properly your AMI. Remember to create it disabling the go-agent.service autostart by default. The plugin will start it through the userdata by itself, after performing all the needed configurations.

[ShubhamAgarwal1616]

what we have to provide in userdata in plugin configuration. I could not figure that out. Also i am new to this thing and using an ubuntu ami image. i have installed agent as mentioned in this link https://docs.gocd.org/current/installation/install/agent/linux.html, but i could not find out how to disable auto start of an gocd agent. can you plz help me out there?

i created my ami after systemctl disable go-agent and these are the logs i am getting in my agent- 2020-04-25 10:23:40,933 INFO [TouchLoopThread-1] Lockfile:103 - Using lock file: /var/lib/go-agent/.agent-bootstrapper.running 2020-04-25 10:23:42,052 ERROR [WrapperJarAppMain] ServerBinaryDownloader:88 - Couldn't update admin/agent-launcher.jar. Sleeping for 1m. Error: org.apache.http.conn.HttpHostConnectException: Connect to localhost:8153 [localhost/127.0.0.1] failed: Connection refused

other than that i manually created a ec2 instance from my ami and when i am running service go-agent status i am getting output as- go-agent.service - go-agent Loaded: loaded (/etc/systemd/system/go-agent.service; disabled; vendor preset: enabled) Active: inactive (dead)

so i do not think my service is autostarting?? but still when an agent comes up it tries to connect to localhost.

[joelsdc]

One suggestion, you say the elastic vm starts just that it tries to connect to localhost, why don’t you check the userdata for the vm in ec2?

Either you didn’t follow the instructions correctly or you have some misconfiguration somewhere.

I’ve only started with GoCD recently too, so I’m no expert but I would check you have set the siteUrl correctly, I believe that is what the plugin uses to auto configure the agents.

[ShubhamAgarwal1616]

i checked my user data of instance that are coming up as agent and i found the issue. my user data containd this line: sed -i "s,https://localhost:8154/go,https://my-server-url/go,g" /usr/share/go-agent/wrapper-config/wrapper-properties.conf

the problem with this is that in gocd version 20.2.0 they have removed the support for 8154 port and so by default their wrapper-properties.conf file contains http://localhost:8153/go as server path. This sed command would have worked with gocd version 19.X and lower. so provided correct user-data in plugin config but now gives error logs as:

2020-04-24 11:21:38 ERROR [scheduler-1] SslInfrastructureService:173 - Error occurred during agent registration process: Elastic agents must submit both elasticAgentId and elasticPluginId. 2020-04-24 11:21:43 ERROR [scheduler-3] AgentHTTPClientController:103 - Error occurred when agent tried to ping server: org.springframework.remoting.RemoteAccessException: Could not access HTTP invoker remote service at [https://my-server-url/go/remoting/remoteBuildRepository]; nested exception is org.apache.http.client.ClientProtocolException: The server returned status code 403. Possible reasons include:

• This agent has been deleted from the configuration
• This agent is pending approval
• There is possibly a reverse proxy (or load balancer) that has been misconfigured. See https://docs.gocd.org/20.2.0/installation/configure-reverse-proxy.html#agents-and-reverse-proxies for details.

my server is running behind a load balancer and there in no 8154 port configured there as GOCD version 20.2.0 do not support it. Is there a way i can configure plugin for the updated version???

[v-sky]

Hello @ShubhamAgarwal1616, In this case you could modify by yourself the line https://github.com/continuumsecurity/GoCD-EC2-Elastic-Agent-Plugin/blob/be419e8234ad613b62d0ecbebac25a21223e2b3e/src/main/java/com/continuumsecurity/elasticagent/ec2/Ec2Instance.java#L72 in your own environment and compile your own version of the plugin. I still haven't migrated my environment from the 19 version, so I had no chance to try this. My plan is to start testing in the next weeks and your feedback is highly appreciated. If I confirm this in my environment I will release the new plugin version with the fix. Regards

[joelsdc]

Humm... I have your same setup and I did not have to recompile for that.. what I did is during the AMI creation process for the agent, one of my tasks (I use ansible+packer to prepare it) updates the wrapper-properties.conf file and sets wrapper.app.parameter.101=https://localhost:8154/go, then later the EC2 plugin does the sed correctly and everything else just works...

NOTE: See my problem in #6, don't forget to set siteUrl AND secureSiteUrl in GoCD if you are serving it behind a reverse proxy (nginx/apache2/haproxy/aws/etc...?) doing SSL offloading. --> (Ignore this, it applies to the EC2 google auth plugin, not the EC2 AWS Elastic Agent plugin)

Hope it helps!

[ShubhamAgarwal1616]

hey thanks @joelsdc for help. I fixed that url issue by using sed command in plugin userdata but i found out that agent and host name are also not being properly set in my /var/lib/go-agent/config/autoregister.properties. I think that is because plugin is using- echo "agent.auto.register.hostname=EA_$(ec2-metadata --instance-id | cut -d " " -f 2)" >> /var/lib/go-agent/config/autoregister.properties echo "agent.auto.register.elasticAgent.agentId=$(ec2-metadata --instance-id | cut -d " " -f 2)" >> /var/lib/go-agent/config/autoregister.properties

commands to set them and my ec2 instance does not have ec2-metadata command instead of it it has a command ec2metadata. I used aws ubuntu ami as the base ami for creation of my ami. Do i have to change my ami? or there is something else i can do?

i resolved this error by renaming my ec2metadata file in bin to ec2-metadata and then creating an ami. Please let me know if there is a better way to do it.

[joelsdc]

Hi @ShubhamAgarwal1616, yeah, I remember doing that too... the only problem I was not able to solve without a patch was the "auto add to environment" so the Agent could pick up pipelines (#6) (now it does apply haha)

Cheers ;)

[ShubhamAgarwal1616]

Finally it worked after all those changes. Thank you everyone for your help