Go to Manage Jenkins - > Configure System. Nexus should be configured with one server per casc.
Actual Results
Crashes, and Jenkins is not fully configured. In addition to Nexus plugin not having any configuration, there are warnings about the build agent and jenkins url not being configured, suggesting the configuration processing from Helm values.yaml was interrupted.
Anything else?
This very well may be caused by my lack of understanding of how to configure Nexus via casc. I can't find any documentation for it.
I get the following error, which does not occur when I remove the Nexus casc block.
config-reload error
```
[2023-02-06 23:34:50] Received unknown exception: HTTPConnectionPool(host='localhost', port=8080): Max retries exceeded with url: /reload-configuration-as-code/
?casc-reload-token=jenkins-0 (Caused by ResponseError('too many 500 error responses'))
Traceback (most recent call last):
File "/usr/local/lib/python3.8/site-packages/requests/adapters.py", line 439, in send
resp = conn.urlopen(
File "/usr/local/lib/python3.8/site-packages/urllib3/connectionpool.py", line 846, in urlopen
return self.urlopen(
File "/usr/local/lib/python3.8/site-packages/urllib3/connectionpool.py", line 846, in urlopen
return self.urlopen(
File "/usr/local/lib/python3.8/site-packages/urllib3/connectionpool.py", line 846, in urlopen
return self.urlopen(
[Previous line repeated 2 more times]
File "/usr/local/lib/python3.8/site-packages/urllib3/connectionpool.py", line 836, in urlopen
retries = retries.increment(method, url, response=response, _pool=self)
File "/usr/local/lib/python3.8/site-packages/urllib3/util/retry.py", line 574, in increment
raise MaxRetryError(_pool, url, error or ResponseError(cause))
urllib3.exceptions.MaxRetryError: HTTPConnectionPool(host='localhost', port=8080): Max retries exceeded with url: /reload-configuration-as-code/?casc-reload-tok
en=jenkins-0 (Caused by ResponseError('too many 500 error responses'))
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/app/resources.py", line 239, in _watch_resource_loop
_watch_resource_iterator(*args)
File "/app/resources.py", line 227, in _watch_resource_iterator
request(request_url, request_method, enable_5xx, request_payload)
File "/app/helpers.py", line 123, in request
res = r.post("%s" % url, auth=auth, json=payload, timeout=REQ_TIMEOUT)
File "/usr/local/lib/python3.8/site-packages/requests/sessions.py", line 590, in post
return self.request('POST', url, data=data, json=json, **kwargs)
File "/usr/local/lib/python3.8/site-packages/requests/sessions.py", line 542, in request
resp = self.send(prep, **send_kwargs)
File "/usr/local/lib/python3.8/site-packages/requests/sessions.py", line 655, in send
r = adapter.send(request, **kwargs)
File "/usr/local/lib/python3.8/site-packages/requests/adapters.py", line 507, in send
raise RetryError(e, request=request)
requests.exceptions.RetryError: HTTPConnectionPool(host='localhost', port=8080): Max retries exceeded with url: /reload-configuration-as-code/?casc-reload-token
=jenkins-0 (Caused by ResponseError('too many 500 error responses'))
```
I can successfully manually configure the plug-in, and the Test Server button verifies it works.
Here are the other values.yaml settings.
other values.yaml
```
controller:
jenkinsUrl: "https://${dns_name_full}"
servicePort: 80
serviceType: ClusterIP
serviceAnnotations:
cloud.google.com/neg: '{"ingress": true}'
podAnnotations:
kube-vault-sync.github.com/sync: "admin-pwd,kaniko-auth,root-ca,argocd-api-token"
admin:
existingSecret: "admin-pwd"
userKey: "jenkins-admin-user"
passwordKey: "jenkins-admin-password"
# plugin or plugin:version
installPlugins:
- kubernetes
- workflow-aggregator
- git
- configuration-as-code
installLatestPlugins: true
installLatestSpecifiedPlugins: true
additionalPlugins:
- oic-auth # https://bytesource.net/en/blog/posts/serverless-jenkins-part-1/
- role-strategy
- adoptopenjdk
- prometheus
javaOpts: >-
-Dhudson.util.RingBufferLogHandler.defaultSize=4096
jenkinsOpts: "--sessionTimeout=1440"
initConfigMap: "init-groovy"
ingress:
enabled: true
hostName: "${dns_name_full}"
annotations:
ingress.gcp.kubernetes.io/pre-shared-cert: "${gce_ssl_cert_name}"
kubernetes.io/ingress.class: "gce-internal"
kubernetes.io/ingress.allow-http: "false"
external-dns.alpha.kubernetes.io/hostname: "${dns_name_full}."
tls:
- secretName: "${tls_secret_name}"
hosts:
- "jenkins.${kubernetes_namespace}.svc.cluster.local"
initScripts:
setup-known-hosts: |
new File("/var/jenkins_home/.ssh").mkdir()
File file = new File("/var/jenkins_home/.ssh/known_hosts")
file.write '${known_hosts}'
file.setReadOnly()
projectNamingStrategy:
roleBased:
forceExistingJobs: false
JCasC:
#
# Manually configure a test Jenkins the way you want it, then view the config in yaml
# at https://jenkins.int.${project_name}.nabancard.dev/configuration-as-code/viewExport,
# then adapt the relevant fragment to follow the pattern below.
#
# The inner name like 'welcome-message' is your choice, but it ends up in a configmap
# key and must be lowercase alphanumeric with optional middle dashes and dots.
#
configScripts:
welcome-message: |
jenkins:
systemMessage: Welcome to the CI/CD server for ${project_name}!
global-vars: |
jenkins:
globalNodeProperties:
- envVars:
env:
- key: "PROJECT_NAME"
value: "${project_name}"
- key: "ARTIFACT_HOST"
value: "${sonatype_dns_name_full}"
- key: "DEPLOYMENT_HOST"
value: "${argocd_dns_name_full}"
okta: |
jenkins:
securityRealm:
oic:
clientId: "${clientId}"
clientSecret: "${clientSecret}"
wellKnownOpenIDConfigurationUrl: "${oidcIssuerUrl}/.well-known/openid-configuration"
userInfoServerUrl: "${oidcIssuerUrl}/oauth2/v1/userinfo"
tokenFieldToCheckKey: ""
tokenFieldToCheckValue: ""
fullNameFieldName: "name"
groupsFieldName: "groups"
disableSslVerification: false
logoutFromOpenidProvider: true
endSessionEndpoint: "${oidcIssuerUrl}/oauth2/v1/logout"
postLogoutRedirectUrl: "https://${dns_name_full}"
escapeHatchEnabled: false
escapeHatchUsername: ""
escapeHatchSecret: "my-unused-password"
escapeHatchGroup: ""
automanualconfigure: "auto"
emailFieldName: "email"
userNameField: "name"
tokenServerUrl: "${oidcIssuerUrl}/oauth2/v1/token"
authorizationServerUrl: "${oidcIssuerUrl}/oauth2/v1/authorize"
scopes: "address phone openid profile offline_access groups email"
authorizationStrategy:
roleBased:
roles:
global:
- name: "${project_admin_account}"
permissions:
- "Overall/Administer"
assignments:
- "${project_admin_account}"
- name: "${project_manager_account}"
permissions:
- "Overall/Administer"
assignments:
- "${project_manager_account}"
- name: "${project_reader_account}"
permissions:
- "Overall/Read"
assignments:
- "${project_reader_account}"
- name: "service-account"
permissions:
- "Overall/Read"
- "Credentials/Create"
- "Credentials/Update"
- "Credentials/Delete"
- "Credentials/View"
- "Job/Create"
- "Job/Delete"
- "Job/Discover"
- "Job/Read"
- "Job/Configure"
assignments:
- "${project_automation_account}"
prometheus: |
unclassified:
prometheusConfiguration:
appendParamLabel: false
appendStatusLabel: false
collectDiskUsage: false
collectingMetricsPeriodInSeconds: 120
countAbortedBuilds: true
countFailedBuilds: true
countNotBuiltBuilds: true
countSuccessfulBuilds: true
countUnstableBuilds: true
defaultNamespace: "default"
fetchTestResults: true
jobAttributeName: "jenkins_job"
path: "prometheus"
processingDisabledBuilds: false
useAuthenticatedEndpoint: true
# The sections below are for adding our root CA to the Jenkins container image.
# - Use an init container to copy the whole Jenkins cert store into the writable volume
# - Concat our root CA cert
customInitContainers:
- name: add-ca-certs
image: "jenkins/jenkins:lts"
imagePullPolicy: Always
command:
- "sh"
- "-c"
- >
cat /etc/ssl/certs/ca-certificates.crt /etc/root-ca/root-ca-cert.pem > /cacerts-share/ca-certificates.crt
&& cp $${JAVA_HOME}/lib/security/cacerts /cacerts-share/cacerts
&& chmod 644 /cacerts-share/cacerts
&& $${JAVA_HOME}/bin/keytool -import -trustcacerts -alias custom-ca-certs -keystore /cacerts-share/cacerts -file /etc/root-ca/root-ca-cert.pem -noprompt -storepass changeit
volumeMounts:
- name: cacerts-share
mountPath: /cacerts-share
- name: root-ca-cert-pem
mountPath: /etc/root-ca
# The sections below are for adding our root CA to the Jenkins container image.
# - Mount the root CA cert (a kubesecret) into the container
# - Make an empty writable volume
# - Mount the modified CA cert store in the container
persistence:
volumes:
- name: cacerts-share
emptyDir: {}
- name: root-ca-cert-pem
secret:
secretName: root-ca
mounts:
- mountPath: /etc/ssl/certs/ca-certificates.crt
name: cacerts-share
subPath: ca-certificates.crt
- mountPath: /opt/java/openjdk/lib/security/cacerts
name: cacerts-share
subPath: cacerts
```
Example crash stack
```
2023-02-07 14:31:30.700+0000 [id=15] INFO i.j.p.casc.TokenReloadAction#doIndex: Configuration reload triggered via token
2023-02-07 14:31:30.720+0000 [id=15] WARNING i.j.p.casc.BaseConfigurator#createAttribute: Can't handle class org.csanchez.jenkins.plugins.kubernetes.PodTemplate#listener: type is abstract but not Describable.
2023-02-07 14:31:31.067+0000 [id=15] WARNING i.j.p.casc.BaseConfigurator#createAttribute: Can't handle class org.sonatype.nexus.ci.config.GlobalNexusConfiguration#metaClass: type is abstract but not Describable.
at org.kohsuke.stapler.interceptor.RequirePOST$Processor.invoke(RequirePOST.java:78)
at org.kohsuke.stapler.PreInvokeInterceptedFunction.invoke(PreInvokeInterceptedFunction.java:26)
at org.kohsuke.stapler.Function.bindAndInvoke(Function.java:207)
at org.kohsuke.stapler.Function.bindAndInvokeAndServeResponse(Function.java:140)
at org.kohsuke.stapler.IndexDispatcher.dispatch(IndexDispatcher.java:28)
at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:762)
Caused: javax.servlet.ServletException
at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:812)
at org.kohsuke.stapler.Stapler.invoke(Stapler.java:894)
at org.kohsuke.stapler.MetaClass$9.dispatch(MetaClass.java:475)
at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:762)
at org.kohsuke.stapler.Stapler.invoke(Stapler.java:894)
at org.kohsuke.stapler.Stapler.invoke(Stapler.java:690)
at org.kohsuke.stapler.Stapler.service(Stapler.java:240)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:590)
at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:764)
at org.eclipse.jetty.servlet.ServletHandler$ChainEnd.doFilter(ServletHandler.java:1665)
at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:157)
at jenkins.telemetry.impl.UserLanguages$AcceptLanguageFilter.doFilter(UserLanguages.java:129)
at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:154)
at jenkins.security.ResourceDomainFilter.doFilter(ResourceDomainFilter.java:81)
at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:154)
at jenkins.metrics.impl.MetricsFilter.doFilter(MetricsFilter.java:125)
at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:154)
at hudson.util.PluginServletFilter.doFilter(PluginServletFilter.java:160)
at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:202)
at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1635)
at io.jenkins.plugins.casc.TokenReloadCrumbExclusion.process(TokenReloadCrumbExclusion.java:20)
at hudson.security.csrf.CrumbFilter.doFilter(CrumbFilter.java:128)
at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:202)
at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1635)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:94)
at jenkins.security.AcegiSecurityExceptionFilter.doFilter(AcegiSecurityExceptionFilter.java:52)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:99)
at hudson.security.UnwrapSecurityExceptionFilter.doFilter(UnwrapSecurityExceptionFilter.java:54)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:99)
at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:122)
at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:116)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:99)
at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:109)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:99)
at org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter.doFilter(RememberMeAuthenticationFilter.java:141)
at org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter.doFilter(RememberMeAuthenticationFilter.java:97)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:99)
at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:223)
at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:217)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:99)
at jenkins.security.BasicHeaderProcessor.doFilter(BasicHeaderProcessor.java:97)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:99)
at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:112)
at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:82)
at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:63)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:99)
at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:111)
at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:172)
at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:202)
at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1635)
at org.kohsuke.stapler.compression.CompressionFilter.doFilter(CompressionFilter.java:53)
at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:202)
at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1635)
at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:86)
at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:202)
at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1635)
at org.kohsuke.stapler.DiagnosticThreadNameFilter.doFilter(DiagnosticThreadNameFilter.java:30)
at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:202)
at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1635)
at jenkins.security.SuspiciousRequestFilter.doFilter(SuspiciousRequestFilter.java:38)
at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:202)
at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1635)
at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:527)
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:131)
at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:549)
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:122)
at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:223)
at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1571)
at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:221)
at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1383)
at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:176)
at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:484)
at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1544)
at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:174)
at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1305)
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:129)
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:122)
at org.eclipse.jetty.server.Server.handle(Server.java:563)
at org.eclipse.jetty.server.HttpChannel.lambda$handle$0(HttpChannel.java:505)
at org.eclipse.jetty.server.HttpChannel.dispatch(HttpChannel.java:762)
at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:497)
at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:282)
at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:314)
at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:100)
at org.eclipse.jetty.io.SelectableChannelEndPoint$1.run(SelectableChannelEndPoint.java:53)
at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.runTask(AdaptiveExecutionStrategy.java:421)
at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.consumeTask(AdaptiveExecutionStrategy.java:390)
at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.tryProduce(AdaptiveExecutionStrategy.java:277)
at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.lambda$new$0(AdaptiveExecutionStrategy.java:139)
at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:411)
at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:933)
at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:1077)
at java.base/java.lang.Thread.run(Thread.java:829)
```
Jenkins and plugins versions report
Environment
```text Jenkins: 2.375.2 OS: Linux - 5.10.147+ --- adoptopenjdk:1.5 apache-httpcomponents-client-4-api:4.5.13-138.v4e7d9a_7b_a_e61 authentication-tokens:1.4 bootstrap5-api:5.2.1-3 bouncycastle-api:2.27 branch-api:2.1071.v1a_188a_562481 caffeine-api:2.9.3-65.v6a_47d0f4d1fe checks-api:1.8.1 cloudbees-folder:6.800.v71307ca_b_986b commons-lang3-api:3.12.0-36.vd97de6465d5b_ commons-text-api:1.10.0-27.vb_fa_3896786a_7 configuration-as-code:1569.vb_72405b_80249 credentials:1214.v1de940103927 credentials-binding:523.vd859a_4b_122e6 display-url-api:2.3.7 durable-task:504.vb10d1ae5ba2f echarts-api:5.4.0-1 font-awesome-api:6.2.1-1 git:5.0.0 git-client:4.1.0 instance-identity:142.v04572ca_5b_265 ionicons-api:31.v4757b_6987003 jackson2-api:2.14.2-319.v37853346a_229 jakarta-activation-api:2.0.1-2 jakarta-mail-api:2.0.1-2 javax-activation-api:1.2.0-5 javax-mail-api:1.6.2-5 jaxb:2.3.8-1 jquery3-api:3.6.1-2 junit:1166.va_436e268e972 kubernetes:3845.va_9823979a_744 kubernetes-client-api:6.3.1-206.v76d3b_6b_14db_b kubernetes-credentials:0.10.0 mailer:448.v5b_97805e3767 metrics:4.2.13-420.vea_2f17932dd6 mina-sshd-api-common:2.9.2-50.va_0e1f42659a_a mina-sshd-api-core:2.9.2-50.va_0e1f42659a_a nexus-jenkins-plugin:3.16.476.v410d6968f400 oic-auth:2.5 pipeline-build-step:2.18 pipeline-graph-analysis:202.va_d268e64deb_3 pipeline-groovy-lib:629.vb_5627b_ee2104 pipeline-input-step:466.v6d0a_5df34f81 pipeline-milestone-step:111.v449306f708b_7 pipeline-model-api:2.2118.v31fd5b_9944b_5 pipeline-model-definition:2.2118.v31fd5b_9944b_5 pipeline-model-extensions:2.2118.v31fd5b_9944b_5 pipeline-rest-api:2.31 pipeline-stage-step:305.ve96d0205c1c6 pipeline-stage-tags-metadata:2.2118.v31fd5b_9944b_5 plain-credentials:143.v1b_df8b_d3b_e48 plugin-util-api:2.20.0 popper2-api:2.11.6-2 prometheus:2.1.1 role-strategy:587.v2872c41fa_e51 scm-api:631.v9143df5b_e4a_a script-security:1229.v4880b_b_e905a_6 snakeyaml-api:1.33-90.v80dcb_3814d35 ssh-credentials:305.v8f4381501156 sshd:3.236.ved5e1b_cb_50b_2 structs:324.va_f5d6774f3a_d trilead-api:2.84.v72119de229b_7 variant:59.vf075fe829ccb workflow-aggregator:590.v6a_d052e5a_a_b_5 workflow-api:1208.v0cc7c6e0da_9e workflow-basic-steps:994.vd57e3ca_46d24 workflow-cps:3611.v201b_d9f9eb_f7 workflow-durable-task-step:1223.v7f1a_98a_8863e workflow-job:1268.v6eb_e2ee1a_85a workflow-multibranch:716.vc692a_e52371b_ workflow-scm-step:400.v6b_89a_1317c9a_ workflow-step-api:639.v6eca_cd8c04a_a_ workflow-support:839.v35e2736cfd5c ```What Operating System are you using (both controller, and any agents involved in the problem)?
GKE 1.24.8-gke.2000
Reproduction steps
jenkinsci
Helm chart - set jenkins url, roles, build agent, etc.Expected Results
Go to Manage Jenkins - > Configure System. Nexus should be configured with one server per casc.
Actual Results
Crashes, and Jenkins is not fully configured. In addition to Nexus plugin not having any configuration, there are warnings about the build agent and jenkins url not being configured, suggesting the configuration processing from Helm
values.yaml
was interrupted.Anything else?
This very well may be caused by my lack of understanding of how to configure Nexus via casc. I can't find any documentation for it.
I get the following error, which does not occur when I remove the Nexus casc block.
config-reload error
``` [2023-02-06 23:34:50] Received unknown exception: HTTPConnectionPool(host='localhost', port=8080): Max retries exceeded with url: /reload-configuration-as-code/ ?casc-reload-token=jenkins-0 (Caused by ResponseError('too many 500 error responses')) Traceback (most recent call last): File "/usr/local/lib/python3.8/site-packages/requests/adapters.py", line 439, in send resp = conn.urlopen( File "/usr/local/lib/python3.8/site-packages/urllib3/connectionpool.py", line 846, in urlopen return self.urlopen( File "/usr/local/lib/python3.8/site-packages/urllib3/connectionpool.py", line 846, in urlopen return self.urlopen( File "/usr/local/lib/python3.8/site-packages/urllib3/connectionpool.py", line 846, in urlopen return self.urlopen( [Previous line repeated 2 more times] File "/usr/local/lib/python3.8/site-packages/urllib3/connectionpool.py", line 836, in urlopen retries = retries.increment(method, url, response=response, _pool=self) File "/usr/local/lib/python3.8/site-packages/urllib3/util/retry.py", line 574, in increment raise MaxRetryError(_pool, url, error or ResponseError(cause)) urllib3.exceptions.MaxRetryError: HTTPConnectionPool(host='localhost', port=8080): Max retries exceeded with url: /reload-configuration-as-code/?casc-reload-tok en=jenkins-0 (Caused by ResponseError('too many 500 error responses')) During handling of the above exception, another exception occurred: Traceback (most recent call last): File "/app/resources.py", line 239, in _watch_resource_loop _watch_resource_iterator(*args) File "/app/resources.py", line 227, in _watch_resource_iterator request(request_url, request_method, enable_5xx, request_payload) File "/app/helpers.py", line 123, in request res = r.post("%s" % url, auth=auth, json=payload, timeout=REQ_TIMEOUT) File "/usr/local/lib/python3.8/site-packages/requests/sessions.py", line 590, in post return self.request('POST', url, data=data, json=json, **kwargs) File "/usr/local/lib/python3.8/site-packages/requests/sessions.py", line 542, in request resp = self.send(prep, **send_kwargs) File "/usr/local/lib/python3.8/site-packages/requests/sessions.py", line 655, in send r = adapter.send(request, **kwargs) File "/usr/local/lib/python3.8/site-packages/requests/adapters.py", line 507, in send raise RetryError(e, request=request) requests.exceptions.RetryError: HTTPConnectionPool(host='localhost', port=8080): Max retries exceeded with url: /reload-configuration-as-code/?casc-reload-token =jenkins-0 (Caused by ResponseError('too many 500 error responses')) ```I can successfully manually configure the plug-in, and the Test Server button verifies it works.
Here are the other
values.yaml
settings.other values.yaml
``` controller: jenkinsUrl: "https://${dns_name_full}" servicePort: 80 serviceType: ClusterIP serviceAnnotations: cloud.google.com/neg: '{"ingress": true}' podAnnotations: kube-vault-sync.github.com/sync: "admin-pwd,kaniko-auth,root-ca,argocd-api-token" admin: existingSecret: "admin-pwd" userKey: "jenkins-admin-user" passwordKey: "jenkins-admin-password" # plugin or plugin:version installPlugins: - kubernetes - workflow-aggregator - git - configuration-as-code installLatestPlugins: true installLatestSpecifiedPlugins: true additionalPlugins: - oic-auth # https://bytesource.net/en/blog/posts/serverless-jenkins-part-1/ - role-strategy - adoptopenjdk - prometheus javaOpts: >- -Dhudson.util.RingBufferLogHandler.defaultSize=4096 jenkinsOpts: "--sessionTimeout=1440" initConfigMap: "init-groovy" ingress: enabled: true hostName: "${dns_name_full}" annotations: ingress.gcp.kubernetes.io/pre-shared-cert: "${gce_ssl_cert_name}" kubernetes.io/ingress.class: "gce-internal" kubernetes.io/ingress.allow-http: "false" external-dns.alpha.kubernetes.io/hostname: "${dns_name_full}." tls: - secretName: "${tls_secret_name}" hosts: - "jenkins.${kubernetes_namespace}.svc.cluster.local" initScripts: setup-known-hosts: | new File("/var/jenkins_home/.ssh").mkdir() File file = new File("/var/jenkins_home/.ssh/known_hosts") file.write '${known_hosts}' file.setReadOnly() projectNamingStrategy: roleBased: forceExistingJobs: false JCasC: # # Manually configure a test Jenkins the way you want it, then view the config in yaml # at https://jenkins.int.${project_name}.nabancard.dev/configuration-as-code/viewExport, # then adapt the relevant fragment to follow the pattern below. # # The inner name like 'welcome-message' is your choice, but it ends up in a configmap # key and must be lowercase alphanumeric with optional middle dashes and dots. # configScripts: welcome-message: | jenkins: systemMessage: Welcome to the CI/CD server for ${project_name}! global-vars: | jenkins: globalNodeProperties: - envVars: env: - key: "PROJECT_NAME" value: "${project_name}" - key: "ARTIFACT_HOST" value: "${sonatype_dns_name_full}" - key: "DEPLOYMENT_HOST" value: "${argocd_dns_name_full}" okta: | jenkins: securityRealm: oic: clientId: "${clientId}" clientSecret: "${clientSecret}" wellKnownOpenIDConfigurationUrl: "${oidcIssuerUrl}/.well-known/openid-configuration" userInfoServerUrl: "${oidcIssuerUrl}/oauth2/v1/userinfo" tokenFieldToCheckKey: "" tokenFieldToCheckValue: "" fullNameFieldName: "name" groupsFieldName: "groups" disableSslVerification: false logoutFromOpenidProvider: true endSessionEndpoint: "${oidcIssuerUrl}/oauth2/v1/logout" postLogoutRedirectUrl: "https://${dns_name_full}" escapeHatchEnabled: false escapeHatchUsername: "" escapeHatchSecret: "my-unused-password" escapeHatchGroup: "" automanualconfigure: "auto" emailFieldName: "email" userNameField: "name" tokenServerUrl: "${oidcIssuerUrl}/oauth2/v1/token" authorizationServerUrl: "${oidcIssuerUrl}/oauth2/v1/authorize" scopes: "address phone openid profile offline_access groups email" authorizationStrategy: roleBased: roles: global: - name: "${project_admin_account}" permissions: - "Overall/Administer" assignments: - "${project_admin_account}" - name: "${project_manager_account}" permissions: - "Overall/Administer" assignments: - "${project_manager_account}" - name: "${project_reader_account}" permissions: - "Overall/Read" assignments: - "${project_reader_account}" - name: "service-account" permissions: - "Overall/Read" - "Credentials/Create" - "Credentials/Update" - "Credentials/Delete" - "Credentials/View" - "Job/Create" - "Job/Delete" - "Job/Discover" - "Job/Read" - "Job/Configure" assignments: - "${project_automation_account}" prometheus: | unclassified: prometheusConfiguration: appendParamLabel: false appendStatusLabel: false collectDiskUsage: false collectingMetricsPeriodInSeconds: 120 countAbortedBuilds: true countFailedBuilds: true countNotBuiltBuilds: true countSuccessfulBuilds: true countUnstableBuilds: true defaultNamespace: "default" fetchTestResults: true jobAttributeName: "jenkins_job" path: "prometheus" processingDisabledBuilds: false useAuthenticatedEndpoint: true # The sections below are for adding our root CA to the Jenkins container image. # - Use an init container to copy the whole Jenkins cert store into the writable volume # - Concat our root CA cert customInitContainers: - name: add-ca-certs image: "jenkins/jenkins:lts" imagePullPolicy: Always command: - "sh" - "-c" - > cat /etc/ssl/certs/ca-certificates.crt /etc/root-ca/root-ca-cert.pem > /cacerts-share/ca-certificates.crt && cp $${JAVA_HOME}/lib/security/cacerts /cacerts-share/cacerts && chmod 644 /cacerts-share/cacerts && $${JAVA_HOME}/bin/keytool -import -trustcacerts -alias custom-ca-certs -keystore /cacerts-share/cacerts -file /etc/root-ca/root-ca-cert.pem -noprompt -storepass changeit volumeMounts: - name: cacerts-share mountPath: /cacerts-share - name: root-ca-cert-pem mountPath: /etc/root-ca # The sections below are for adding our root CA to the Jenkins container image. # - Mount the root CA cert (a kubesecret) into the container # - Make an empty writable volume # - Mount the modified CA cert store in the container persistence: volumes: - name: cacerts-share emptyDir: {} - name: root-ca-cert-pem secret: secretName: root-ca mounts: - mountPath: /etc/ssl/certs/ca-certificates.crt name: cacerts-share subPath: ca-certificates.crt - mountPath: /opt/java/openjdk/lib/security/cacerts name: cacerts-share subPath: cacerts ```Example crash stack
``` 2023-02-07 14:31:30.700+0000 [id=15] INFO i.j.p.casc.TokenReloadAction#doIndex: Configuration reload triggered via token 2023-02-07 14:31:30.720+0000 [id=15] WARNING i.j.p.casc.BaseConfigurator#createAttribute: Can't handle class org.csanchez.jenkins.plugins.kubernetes.PodTemplate#listener: type is abstract but not Describable. 2023-02-07 14:31:31.067+0000 [id=15] WARNING i.j.p.casc.BaseConfigurator#createAttribute: Can't handle class org.sonatype.nexus.ci.config.GlobalNexusConfiguration#metaClass: type is abstract but not Describable. at org.kohsuke.stapler.interceptor.RequirePOST$Processor.invoke(RequirePOST.java:78) at org.kohsuke.stapler.PreInvokeInterceptedFunction.invoke(PreInvokeInterceptedFunction.java:26) at org.kohsuke.stapler.Function.bindAndInvoke(Function.java:207) at org.kohsuke.stapler.Function.bindAndInvokeAndServeResponse(Function.java:140) at org.kohsuke.stapler.IndexDispatcher.dispatch(IndexDispatcher.java:28) at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:762) Caused: javax.servlet.ServletException at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:812) at org.kohsuke.stapler.Stapler.invoke(Stapler.java:894) at org.kohsuke.stapler.MetaClass$9.dispatch(MetaClass.java:475) at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:762) at org.kohsuke.stapler.Stapler.invoke(Stapler.java:894) at org.kohsuke.stapler.Stapler.invoke(Stapler.java:690) at org.kohsuke.stapler.Stapler.service(Stapler.java:240) at javax.servlet.http.HttpServlet.service(HttpServlet.java:590) at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:764) at org.eclipse.jetty.servlet.ServletHandler$ChainEnd.doFilter(ServletHandler.java:1665) at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:157) at jenkins.telemetry.impl.UserLanguages$AcceptLanguageFilter.doFilter(UserLanguages.java:129) at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:154) at jenkins.security.ResourceDomainFilter.doFilter(ResourceDomainFilter.java:81) at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:154) at jenkins.metrics.impl.MetricsFilter.doFilter(MetricsFilter.java:125) at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:154) at hudson.util.PluginServletFilter.doFilter(PluginServletFilter.java:160) at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:202) at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1635) at io.jenkins.plugins.casc.TokenReloadCrumbExclusion.process(TokenReloadCrumbExclusion.java:20) at hudson.security.csrf.CrumbFilter.doFilter(CrumbFilter.java:128) at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:202) at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1635) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:94) at jenkins.security.AcegiSecurityExceptionFilter.doFilter(AcegiSecurityExceptionFilter.java:52) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:99) at hudson.security.UnwrapSecurityExceptionFilter.doFilter(UnwrapSecurityExceptionFilter.java:54) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:99) at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:122) at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:116) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:99) at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:109) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:99) at org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter.doFilter(RememberMeAuthenticationFilter.java:141) at org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter.doFilter(RememberMeAuthenticationFilter.java:97) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:99) at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:223) at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:217) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:99) at jenkins.security.BasicHeaderProcessor.doFilter(BasicHeaderProcessor.java:97) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:99) at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:112) at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:82) at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:63) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:99) at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:111) at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:172) at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:202) at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1635) at org.kohsuke.stapler.compression.CompressionFilter.doFilter(CompressionFilter.java:53) at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:202) at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1635) at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:86) at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:202) at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1635) at org.kohsuke.stapler.DiagnosticThreadNameFilter.doFilter(DiagnosticThreadNameFilter.java:30) at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:202) at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1635) at jenkins.security.SuspiciousRequestFilter.doFilter(SuspiciousRequestFilter.java:38) at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:202) at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1635) at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:527) at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:131) at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:549) at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:122) at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:223) at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1571) at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:221) at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1383) at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:176) at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:484) at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1544) at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:174) at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1305) at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:129) at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:122) at org.eclipse.jetty.server.Server.handle(Server.java:563) at org.eclipse.jetty.server.HttpChannel.lambda$handle$0(HttpChannel.java:505) at org.eclipse.jetty.server.HttpChannel.dispatch(HttpChannel.java:762) at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:497) at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:282) at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:314) at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:100) at org.eclipse.jetty.io.SelectableChannelEndPoint$1.run(SelectableChannelEndPoint.java:53) at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.runTask(AdaptiveExecutionStrategy.java:421) at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.consumeTask(AdaptiveExecutionStrategy.java:390) at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.tryProduce(AdaptiveExecutionStrategy.java:277) at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.lambda$new$0(AdaptiveExecutionStrategy.java:139) at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:411) at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:933) at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:1077) at java.base/java.lang.Thread.run(Thread.java:829) ```