Closed ganrad closed 8 years ago
@ganrad in the kubernetes plugin configuration in Jenkins, does your Jenkins Tunnel address contain the protocol (http://)? The tunnel address should only contain the host similar to the following configuration
Yes you were right. After I removed the protocol/scheme (http://) from the tunnel URL, the build job ran fine - jenkins-slave pod was spawned and the build job executed fine. But I had to specify the service IP + Port of the 'jenkins-slave' service. The service DNS (SkyDNS) co-ordinates didn't work for me (point # 2 below).
I observed a few other issues (which could be specific to my OSE instance) -
Thanks.
@ganrad which master/slave paradigm are you implementing? Is the jenkins master running in OpenShift or external?
The following are responses your inquiries:
Hope this information helps
I am running both Jenkins Master + Slave in OpenShift (not external master).
Thanks.
Here is some more detailed info.
To execute a build job, the kubernetes plug-in spawns a jenkins-slave pod, executes the job, job finishes OK, then the Pod disconnects from the master, tries to connect again & eventually the pod fails.
[gradhakr@master ~]$ oc get pods
NAME READY STATUS RESTARTS AGE
1398c8488c2f9 1/1 Running 0 2m
jenkins-1-afr0h 1/1 Running 0 3d
jenkins-3-build 0/1 Completed 0 3d
jenkins-slave-2-build 0/1 Completed 0 3d
[gradhakr@master ~]$ oc logs -f 1398c8488c2f9
Running Jenkins JNLP Slave....
Mar 14, 2016 5:48:02 PM hudson.remoting.jnlp.Main createEngine
INFO: Setting up slave: 1398c8488c2f9
Mar 14, 2016 5:48:22 PM hudson.remoting.jnlp.Main$CuiListener
[gradhakr@master ~]$ oc get pods NAME READY STATUS RESTARTS AGE 1398c8488c2f9 0/1 Error 0 7m 139b402006b7d 1/1 Running 0 4m jenkins-1-afr0h 1/1 Running 0 3d jenkins-3-build 0/1 Completed 0 3d
@ganrad I discovered an issue with the system:deployer
role as it did not have sufficient permission to delete pods at the conclusion of Jenkins jobs that correlates to the issue you were facing.
I have updated the documentation to specify the edit role as the name of the role that should be applied to the service accounts.
If you used the default service account, please run the following command:
oc policy add-role-to-user edit system:serviceaccount:jenkins:default
If you created the jenkins service account, please run the following command:
oc policy add-role-to-user edit system:serviceaccount:jenkins:jenkins
Would you be able to apply this change and retest?
Thanks
with this change the pod gets created, job runs, pod gets destroyed.
I am seeing this in the jenkins master logs, but not sure if it is affecting anything:
INFO: Terminating Kubernetes instance for slave 7e7fed0a08
Mar 20, 2016 2:46:29 PM org.csanchez.jenkins.plugins.kubernetes.KubernetesSlave _terminate
INFO: Terminated Kubernetes instance for slave 7e7fed0a08
Mar 20, 2016 2:46:29 PM org.csanchez.jenkins.plugins.kubernetes.KubernetesSlave _terminate
INFO: Disconnected computer 7e7fed0a08
Mar 20, 2016 2:46:29 PM org.csanchez.jenkins.plugins.kubernetes.KubernetesCloud$ProvisioningCallback call
SEVERE: Error in provisioning; slave=KubernetesSlave name:
, template=org.csanchez.jenkins.plugins.kubernetes.PodTemplate@65092771
java.lang.IllegalStateException: Node was deleted, computer is null
at org.csanchez.jenkins.plugins.kubernetes.KubernetesCloud$ProvisioningCallback.call(KubernetesCloud.java:376)
at org.csanchez.jenkins.plugins.kubernetes.KubernetesCloud$ProvisioningCallback.call(KubernetesCloud.java:311)
at jenkins.util.ContextResettingExecutorService$2.call(ContextResettingExecutorService.java:46)
at java.util.concurrent.FutureTask.run(FutureTask.java:262)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:745)
Mar 20, 2016 2:46:29 PM hudson.remoting.AbstractByteArrayCommandTransport$1 handle
WARNING: Failed to construct Command
java.io.EOFException
at java.io.ObjectInputStream$PeekInputStream.readFully(ObjectInputStream.java:2332)
at java.io.ObjectInputStream$BlockDataInputStream.readShort(ObjectInputStream.java:2801)
at java.io.ObjectInputStream.readStreamHeader(ObjectInputStream.java:801)
at java.io.ObjectInputStream.<init>(ObjectInputStream.java:299)
at hudson.remoting.ObjectInputStreamEx.<init>(ObjectInputStreamEx.java:40)
at hudson.remoting.AbstractByteArrayCommandTransport$1.handle(AbstractByteArrayCommandTransport.java:61)
at org.jenkinsci.remoting.nio.NioChannelHub$2.run(NioChannelHub.java:594)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
at java.util.concurrent.FutureTask.run(FutureTask.java:262)
at hudson.remoting.SingleLaneExecutorService$1.run(SingleLaneExecutorService.java:112)
at jenkins.util.ContextResettingExecutorService$1.run(ContextResettingExecutorService.java:28)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
at java.util.concurrent.FutureTask.run(FutureTask.java:262)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:745)
Mar 20, 2016 2:46:32 PM hudson.slaves.NodeProvisioner$2 run
WARNING: Provisioned slave Kubernetes Pod Template failed to launch
java.lang.IllegalStateException: Node was deleted, computer is null
at org.csanchez.jenkins.plugins.kubernetes.KubernetesCloud$ProvisioningCallback.call(KubernetesCloud.java:376)
at org.csanchez.jenkins.plugins.kubernetes.KubernetesCloud$ProvisioningCallback.call(KubernetesCloud.java:311)
at jenkins.util.ContextResettingExecutorService$2.call(ContextResettingExecutorService.java:46)
at java.util.concurrent.FutureTask.run(FutureTask.java:262)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:745)
@sabre1041 : I assigned the 'edit' role to 'default' service account & ran the jenkins build job - The jenkins-slave pod got spawned, the build executed+completed fine & the slave pod got deleted as well. Adding the 'edit' role to the master pod's service account solved the issue! Thanks much for your help :)
@ganrad glad to hear. I am going to go ahead and close this issue
@itewk if you want to create a new issue for the exception you discovered, please feel free to do so
Getting rid of the http:// worked for me , thx !
@sabre1041 I have a similar issue, Could you provide some help?
I am running jenkins master outside of kubernetes cluster, when running the job, the pod is created, I got the following error
Warning: JnlpProtocol3 is disabled by default, use JNLP_PROTOCOL_OPTS to alter the behavior
Warning: SECRET is defined twice in command-line arguments and the environment variable
Warning: AGENT_NAME is defined twice in command-line arguments and the environment variable
Feb 13, 2018 7:02:03 AM hudson.remoting.jnlp.Main createEngine
INFO: Setting up agent: jenkins-slave-n58w4-bdvl7
Feb 13, 2018 7:02:03 AM hudson.remoting.jnlp.Main$CuiListener <init>
INFO: Jenkins agent is running in headless mode.
Feb 13, 2018 7:02:03 AM hudson.remoting.Engine startEngine
WARNING: No Working Directory. Using the legacy JAR Cache location: /home/jenkins/.jenkins/cache/jars
Feb 13, 2018 7:02:03 AM hudson.remoting.jnlp.Main$CuiListener status
INFO: Locating server among [https://MY_JENKINS_IP/]
Feb 13, 2018 7:02:04 AM hudson.remoting.jnlp.Main$CuiListener error
SEVERE: Failed to connect to https://MY_JENKINS_IP/tcpSlaveAgentListener/: java.security.cert.CertificateException: No subject alternative names matching IP address MY_JENKINS_IP found
java.io.IOException: Failed to connect to https://MY_JENKINS_IP/tcpSlaveAgentListener/: java.security.cert.CertificateException: No subject alternative names matching IP address MY_JENKINS_IP found
at org.jenkinsci.remoting.engine.JnlpAgentEndpointResolver.resolve(JnlpAgentEndpointResolver.java:199)
at hudson.remoting.Engine.innerRun(Engine.java:518)
at hudson.remoting.Engine.run(Engine.java:469)
Caused by: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names matching IP address MY_JENKINS_IP found
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1959)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1514)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1026)
Looks jnlp agent can't talk to jenkins master. Thanks.
When trying to use the Kubernetes Plug-in to dynamically spawn a jenkins-slave pod, the pod starts and then throws a Illegal tunneling parameter exception. Details pasted below -
[gradhakr@master ose-jenkins-cluster]$ oc get pods NAME READY STATUS RESTARTS AGE 459cef8b6896 0/1 Error 0 29s jenkins-1-afr0h 1/1 Running 0 20m jenkins-1-build 0/1 Error 0 13h jenkins-2-build 0/1 Error 0 12h jenkins-3-build 0/1 Completed 0 12h jenkins-slave-1-build 0/1 Error 0 13h jenkins-slave-2-build 0/1 Completed 0 12h [gradhakr@master ose-jenkins-cluster]$ oc logs 459cef8b6896 Running Jenkins JNLP Slave.... Mar 11, 2016 2:15:41 PM hudson.remoting.jnlp.Main createEngine INFO: Setting up slave: 459cef8b6896 Mar 11, 2016 2:15:41 PM hudson.remoting.jnlp.Main$CuiListener
INFO: Jenkins agent is running in headless mode.
Mar 11, 2016 2:15:41 PM hudson.remoting.jnlp.Main$CuiListener status
INFO: Locating server among [http://jenkins-jenkins-ms.ose3.evanbills.com]
Mar 11, 2016 2:15:42 PM hudson.remoting.jnlp.Main$CuiListener status
INFO: Handshaking
Mar 11, 2016 2:15:42 PM hudson.remoting.jnlp.Main$CuiListener error
SEVERE: Illegal tunneling parameter: http://172.30.57.190:50000
java.io.IOException: Illegal tunneling parameter: http://172.30.57.190:50000
at hudson.remoting.Engine.connect(Engine.java:309)
at hudson.remoting.Engine.run(Engine.java:242)
[gradhakr@master ose-jenkins-cluster]$ oc get svc NAME CLUSTER_IP EXTERNAL_IP PORT(S) SELECTOR AGE jenkins 172.30.118.72 8080/TCP name=jenkins 13h
jenkins-slave 172.30.57.190 50000/TCP name=jenkins 13h
[gradhakr@master ose-jenkins-cluster]$ curl http://172.30.57.190:50000
Any Idea where I am going wrong. Thanks.