No plugins installed

[tanrax]

What Operating System are you using (both controller, and any agents involved in the problem)?

Linux, Debian testing

Reproduction steps

1. Run: docker run -d -v jenkins_home:/var/jenkins_home -p 8080:8080 -p 50000:50000 --restart=on-failure jenkins/jenkins:lts-jdk17
2. Click on the install recommended plugins button.
3. See how the plugins are not installed. They all fail.

Expected Results

Have the plugins installed

Actual Results

For example:

2024-06-16 05:41:54.538+0000 [id=80]    INFO    h.m.UpdateCenter$UpdateCenterConfiguration#download: Downloading antisamy-markup-formatter
2024-06-16 05:42:55.175+0000 [id=80]    SEVERE  h.model.UpdateCenter$DownloadJob#run: Failed to install antisamy-markup-formatter
java.net.SocketTimeoutException: Read timed out
        at java.base/sun.nio.ch.NioSocketImpl.timedRead(Unknown Source)
        at java.base/sun.nio.ch.NioSocketImpl.implRead(Unknown Source)
        at java.base/sun.nio.ch.NioSocketImpl.read(Unknown Source)
        at java.base/sun.nio.ch.NioSocketImpl$1.read(Unknown Source)
        at java.base/java.net.Socket$SocketInputStream.read(Unknown Source)
        at java.base/sun.security.ssl.SSLSocketInputRecord.read(Unknown Source)
        at java.base/sun.security.ssl.SSLSocketInputRecord.readHeader(Unknown Source)
        at java.base/sun.security.ssl.SSLSocketInputRecord.decode(Unknown Source)
        at java.base/sun.security.ssl.SSLTransport.decode(Unknown Source)
        at java.base/sun.security.ssl.SSLSocketImpl.decode(Unknown Source)
        at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(Unknown Source)
        at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
        at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
        at java.base/sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
        at java.base/sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
        at java.base/sun.net.www.protocol.http.HttpURLConnection.followRedirect0(Unknown Source)
        at java.base/sun.net.www.protocol.http.HttpURLConnection.followRedirect(Unknown Source)
        at java.base/sun.net.www.protocol.http.HttpURLConnection.getInputStream0(Unknown Source)
        at java.base/sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
        at java.base/sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Unknown Source)
        at hudson.model.UpdateCenter$UpdateCenterConfiguration.download(UpdateCenter.java:1323)
Caused: java.io.IOException: Failed to load https://updates.jenkins.io/download/plugins/antisamy-markup-formatter/162.v0e6ec0fcfcf6/antisamy-markup-formatter.hpi to /var/jenkins_home/plugins/antisamy-markup-formatter.jpi.tmp
        at hudson.model.UpdateCenter$UpdateCenterConfiguration.download(UpdateCenter.java:1334)
Caused: java.io.IOException: Failed to download from https://updates.jenkins.io/download/plugins/antisamy-markup-formatter/162.v0e6ec0fcfcf6/antisamy-markup-formatter.hpi (redirected to: https://get.jenkins.io/plugins/antisamy-markup-formatter/162.v0e6ec0fcfcf6/antisamy-markup-formatter.hpi)
        at hudson.model.UpdateCenter$UpdateCenterConfiguration.download(UpdateCenter.java:1368)
        at hudson.model.UpdateCenter$DownloadJob._run(UpdateCenter.java:1925)
        at hudson.model.UpdateCenter$InstallationJob._run(UpdateCenter.java:2237)
        at hudson.model.UpdateCenter$DownloadJob.run(UpdateCenter.java:1899)
        at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source)
        at java.base/java.util.concurrent.FutureTask.run(Unknown Source)
        at hudson.remoting.AtmostOneThreadExecutor$Worker.run(AtmostOneThreadExecutor.java:121)
        at java.base/java.lang.Thread.run(Unknown Source)

Anything else?

I have tried with the image "lts", "image: jenkins/jenkins", with compose.yaml, with volume on my host, without volume... Always the same results. From the image I can launch curl without problems.

services:

  jenkins:
    image: jenkins/jenkins
    #image: jenkins/jenkins:lts-jdk17
    user: root
    privileged: true
    ports:
      - 8800:8080
      #- 50000:50000
    #deploy:
      #resources:
        # limits:
        #   cpus: '2.0'
        #   memory: 2048m
        # reservations:
        #   cpus: '1'
        #   memory: 1024m
    restart: on-failure
    volumes:
      - jenkins_home:/var/jenkins_home

  ssh-agent:
    image: jenkins/ssh-agent

Are you interested in contributing a fix?

No response

[dduportal]

Hi @tanrax , as you can read in the error message in the snippet message you've posted, your problem has nothing to do with the Docker image itself:

java.net.SocketTimeoutException: Read timed out

means there is an error at the network level on your system which prevent the JVM process in your Jenkins container to reach the outside download mirror.

This issue should be closed as unrelated: I cannot reproduce your error on 3 different systems (Docker Desktop on macOS silicon from French ISP, Docker CE on Ubuntu on Azure US East 1 and Docker Desktop on Windows 11 on a Belgium ISP) and the Jenkins platform has no problem building their images in https://github.com/jenkins-infra/docker-jenkins-weekly and https://github.com/jenkins-infra/docker-jenkins-lts.

Before closing, let's see if we can start diagnosing further:

• What is the result of the following commands:

# From your host machine
curl --verbose --head --location --silent --show-error https://get.jenkins.io/plugins/antisamy-markup-formatter/162.v0e6ec0fcfcf6/antisamy-markup-formatter.hpi

and

# From inside a new ephemeral container based on the Jenkins image
docker run --tty --interactive --rm --entrypoint=curl jenkins/jenkins:lts-jdk17 --verbose --head --location --silent --show-error https://get.jenkins.io/plugins/antisamy-markup-formatter/162.v0e6ec0fcfcf6/antisamy-markup-formatter.hpi

?

• Could you share a screenshot of the following link from your webbrowser: https://get.jenkins.io/plugins/antisamy-markup-formatter/162.v0e6ec0fcfcf6/antisamy-markup-formatter.hpi?mirrorlist ?

• Can you build the following Docker image: https://github.com/jenkins-infra/docker-jenkins-lts with:

git clone https://github.com/jenkins-infra/docker-jenkins-lts
cd ./docker-jenkins-lts/
docker image build --tag=docker-jenkins-lts ./

or do you have an error (and if yes, which one)?

• Can you share details about your setup:
  • Host OS
  • Docker version and distribution (CE? Desktop? other?)
  • Are you using a virtual machine? Nested virutalization?
  • Is your network using a firewall, an HTTP proxy, any kind of DNS or TCP filtering?
  • Have you the same problem after restarting your machine and your router?

[tanrax]

Hi @dduportal ! Thank you for taking the time to respond to me, with such speed and detail.

The following command works fine.

curl --verbose --head --location --silent --show-error https://get.jenkins.io/plugins/antisamy-markup-formatter/162.v0e6ec0fcfcf6/antisamy-markup-formatter.hpi

The following command freezes. Curl does not resolve.

docker run --tty --interactive --rm --entrypoint=curl jenkins/jenkins:lts-jdk17 --verbose --head --location --silent --show-error https://get.jenkins.io/plugins/antisamy-markup-formatter/162.v0e6ec0fcfcf6/antisamy-markup-formatter.hpi

Output:

*   Trying 20.7.178.24:443...                                                                                                                                                               * Connected to get.jenkins.io (20.7.178.24) port 443 (#0)                                                                                                                                   * ALPN: offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: /etc/ssl/certs

Screenshot

I can't build an image, it freezes when it downloads the plugins.

• Host OS: Debian testing
• Docker version and distribution (CE? Desktop? other?): CE
• Are you using a virtual machine? Nested virutalization?: No
• Is your network using a firewall, an HTTP proxy, any kind of DNS or TCP filtering?: No
• Have you the same problem after restarting your machine and your router?: Yes

[dduportal]

Hi @dduportal ! Thank you for taking the time to respond to me, with such speed and detail.

The following command works fine.

curl --verbose --head --location --silent --show-error https://get.jenkins.io/plugins/antisamy-markup-formatter/162.v0e6ec0fcfcf6/antisamy-markup-formatter.hpi

The following command freezes. Curl does not resolve.

docker run --tty --interactive --rm --entrypoint=curl jenkins/jenkins:lts-jdk17 --verbose --head --location --silent --show-error https://get.jenkins.io/plugins/antisamy-markup-formatter/162.v0e6ec0fcfcf6/antisamy-markup-formatter.hpi

Output:

*   Trying 20.7.178.24:443...                                                                                                                                                               * Connected to get.jenkins.io (20.7.178.24) port 443 (#0)                                                                                                                                   * ALPN: offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: /etc/ssl/certs

Screenshot

I can't build an image, it freezes when it downloads the plugins.

* Host OS: Debian testing

* Docker version and distribution (CE? Desktop? other?): CE

* Are you using a virtual machine? Nested virutalization?: No

* Is your network using a firewall, an HTTP proxy, any kind of DNS or TCP filtering?: No

* Have you the same problem after restarting your machine and your router?: Yes

I confirm there is a problem with your Docker CE installation: something is blocking the requests. Could you try to use other images and retry please?

[tanrax]

I have managed to fix it using network host. I leave it documented in case someone needs it in the future.

services:

  jenkins:
    image: jenkins/jenkins:lts-jdk17
    user: root
    privileged: true
    network_mode: "host"
    ports:
      - 8800:8080
    restart: on-failure
    volumes:
      - ./jenkins_home:/var/jenkins_home

Thanks @dduportal

[dduportal]

I have managed to fix it using network host. I leave it documented in case someone needs it in the future.

services:

  jenkins:
    image: jenkins/jenkins:lts-jdk17
    user: root
    privileged: true
    network_mode: "host"
    ports:
      - 8800:8080
    restart: on-failure
    volumes:
      - ./jenkins_home:/var/jenkins_home

Thanks @dduportal

Hi @tanrax , happy to help, however this solution is unsafe and I do not recommend it at all: it effectively gives full access to your Docker Host system to the Jenkins process. This is considered a security issue and you should not use it.

• user: root : Jenkins must NEVER be executed as the root user
• privileged: true: no webservice should run with this option enabled: it has the right to destroy the underlying machine or worse (full access to system, bootload, devices, etc.)
• network_mode: "host" is dangerous as it allows the process to sniff traffic on all network interfaces of the host.

=> you have an issue with your Docker installation on this system and I recommend that you check with the Docker community help. The fact that you cannot reach internet from inside a container shows that the Docker network (ref. https://docs.docker.com/network/) has an issue. It sounds like a routing issue: check that the default Docker private network do not overlap with your own networks.

[tanrax]

It seems to be a Docker problem, as you indicate. Thank you very much for the help! ♥️