Closed samrocketman closed 7 years ago
@magnayn I'm able to reproduce the stack trace from the Jenkins script console.
//variables
String serverUrl = "https://127.0.0.1:443"
String credentialsId = "606ed7a0-0cab-4c76-bd57-a9f4aea9a692"
String version = "1.8"
Integer readTimeout = 0
Integer connectTimeout = 0
//import com.nirima.jenkins.plugins.docker.DockerCloud$DescriptorImpl
//def x = Jenkins.instance.getExtensionList(com.nirima.jenkins.plugins.docker.DockerCloud$DescriptorImpl)[0]
//println x.metaClass.methods*.name.sort().unique()
//x.doTestConnection(serverUrl, credentialsId, version, readTimeout, connectTimeout)
import com.github.dockerjava.core.DockerClientConfig
import com.nirima.jenkins.plugins.docker.client.DockerCmdExecConfig
import com.github.dockerjava.api.DockerClient
import com.github.dockerjava.api.model.Version
import com.nirima.jenkins.plugins.docker.client.ClientConfigBuilderForPlugin
import com.nirima.jenkins.plugins.docker.client.DockerCmdExecConfigBuilderForPlugin
import com.nirima.jenkins.plugins.docker.client.ClientBuilderForPlugin
final DockerClientConfig clientConfig = ClientConfigBuilderForPlugin.dockerClientConfig()
    .forServer(serverUrl, version)
    .withCredentials(credentialsId)
    .build()
final DockerCmdExecConfig execConfig = DockerCmdExecConfigBuilderForPlugin.builder()
    .withReadTimeout(readTimeout)
    .withConnectTimeout(connectTimeout)
    .build()
DockerClient dc = ClientBuilderForPlugin.builder()
    .withDockerClientConfig(clientConfig)
    .withDockerCmdExecConfig(execConfig)
    .build()
Version verResult = dc.versionCmd().exec()
"Version = " + verResult.getVersion()
It's basically an excerpt of doTestConnection(). The exception is called when the following is executed:
DockerClient dc = ClientBuilderForPlugin.builder()
    .withDockerClientConfig(clientConfig)
    .withDockerCmdExecConfig(execConfig)
    .build()
Upgraded to Docker version 1.9.1, build a34a1d5. curl still works and Jenkins config does not. It doesn't appear to reach a step of connecting to docker. It seems to fail on setup before a connection is ever made to docker.
Here's some example docker certificates if you want to test what I am doing. Please note, even when I remove the PEM info from the certs it still doesn't work and consistently fails with the same error.
The root of the exception occurs here. I've checked my 4096-bit private key and it seems OK.
$ openssl rsa -in key.pem -check -noout
RSA key ok
It FINALLY worked because I had to change how the private key was presented.
mv key.pem key.bak
openssl rsa -in key.bak -text > key.pem
Apparently, it only takes the private key successfully if you give it an extended -text format. The wiki needs to be updated with how to use TLS auth. I'll get around to it if nobody does.
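An added diagnostic, not part of the original thread or of the plugin: because the workaround above only changes how key.pem is presented, this sh function reports a PEM file's framing (text before the first BEGIN marker, block labels, encryption headers) so a rejected file and an accepted one can be compared. The pem_layout name and both sample files are constructed for illustration; the thread does not show the reporter's actual key files.

```shell
#!/bin/sh
# pem_layout FILE: report how a PEM file is framed, without decoding key material.
#   preamble=N               non-blank text lines before the first BEGIN marker
#   block=LABEL lines=N      one per PEM block, N = base64 body lines
#   legacy-encrypted=LABEL   block has a "Proc-Type:" header (passphrase-protected)
#   unterminated=LABEL       BEGIN marker without a matching END
pem_layout() {
    awk '
        /^-----BEGIN [A-Z0-9 ]+-----[ \t\r]*$/ {
            if (!seen) { printf "preamble=%d\n", pre; seen = 1 }
            label = $0
            sub(/^-----BEGIN /, "", label); sub(/-----[ \t\r]*$/, "", label)
            inblk = 1; body = 0; next
        }
        inblk && /^-----END [A-Z0-9 ]+-----[ \t\r]*$/ {
            printf "block=%s lines=%d\n", label, body
            inblk = 0; next
        }
        inblk && /^[A-Za-z-]+:/ {           # RFC 1421 style header inside the block
            if ($0 ~ /^Proc-Type:/) printf "legacy-encrypted=%s\n", label
            next
        }
        inblk && !/^[ \t\r]*$/ { body++; next }   # count body lines, skip blank/CR-only
        !seen && !/^[ \t\r]*$/ { pre++ }          # text ahead of the first block
        END {
            if (!seen) printf "preamble=%d\n", pre
            if (inblk) printf "unterminated=%s\n", label
        }
    ' "$1"
}

# Constructed samples (placeholder bodies, not real keys and not the reporter's files).
sample_dir=$(mktemp -d)
printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'QUJDRA==' '-----END PRIVATE KEY-----' \
    > "$sample_dir/bare.pem"
printf '%s\n' 'Private-Key: (4096 bit)' 'modulus:' '    00:ab:cd' \
    '-----BEGIN RSA PRIVATE KEY-----' 'QUJDRA==' 'RUZHSA==' '-----END RSA PRIVATE KEY-----' \
    > "$sample_dir/with_text.pem"

pem_layout "$sample_dir/bare.pem"
pem_layout "$sample_dir/with_text.pem"
```

Running it against key.bak and key.pem from the workaround shows which of these framing properties differ between the two files.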
Filed a bug report with upstream library.
Since https://github.com/docker-java/docker-java/issues/441 is closed and the maintainer says they can't reproduce with their library using a different plugin, it narrows it to this plugin.
As noted in https://github.com/docker-java/docker-java/issues/441 there seems to be an open PR which could potentially fix this issue. I'm looking forward to it.
See the fix at https://github.com/docker-java/docker-java/pull/502
Hey @samrocketman I just wanted to thank you for discovering the problem and workaround, helped me through my day! Thank you!
Awesome @jquast :D glad my experience could help you. I went ahead and updated the original issue so the workaround is pointed out right away.
Docker plugin 0.17 now uses docker-commons for credentials management, which should avoid such issues by making a clearer definition of the expected key format.
Server configuration
/etc/docker/. ca.pem (ca cert), cert.pem (server cert), key.pem (server private key).
/etc/sysconfig/docker with OPTIONS="--tlsverify -H tcp://127.0.0.1:443"
Client configuration
/path/docker, and have added my ca.pem (ca cert), cert.pem (client cert), and key.pem (client private key) to said path.
localhost:8080.
I had to dig for it but found the docker cloud authentication configuration instructions https://github.com/jenkinsci/docker-plugin/issues/245#issuecomment-158012362.
Jenkins specs
/path/docker (where client {ca,cert,key}.pem are located).
https://127.0.0.1:443 and using aforementioned credentials.
Issue
I can't get the docker plugin to properly connect. I click the test connection button and it throws an error. When I test with curl it succeeds with my client certificates.
Here's a stack trace from the web UI when I use the Test Connection button in the docker cloud settings of the configure page.
Please note my SSL certs are x509 ASCII PEM format. Any idea what could be going wrong?
Workaround
This section is an edit of the original issue. I noted a workaround below.