Open chazzly opened 7 years ago
Is there a link to the change in the upstream code we could reference?
I found the following links in case they would be useful.
Jenkins Bug Report
SSH Slave Plugin Update
There is a new method definition for new hudson.plugins.sshslaves.SSHLauncher
https://github.com/jenkinsci/ssh-slaves-plugin/blob/master/src/main/java/hudson/plugins/sshslaves/SSHLauncher.java#L518-L520
I've been able to patch https://github.com/chef-cookbooks/jenkins/blob/master/libraries/slave_ssh.rb#L103-L120 to the below, which changes the default configuration for the agent.
```ruby
def launcher_groovy
  # Strip the 8-space heredoc indentation from the generated Groovy script.
  <<-EOH.gsub(/^ {8}/, '')
        import hudson.plugins.sshslaves.verifiers.*
        #{credential_lookup_groovy('credentials')}
        launcher =
          new hudson.plugins.sshslaves.SSHLauncher(
            #{convert_to_groovy(new_resource.host)},
            #{convert_to_groovy(new_resource.port)},
            credentials,
            #{convert_to_groovy(new_resource.jvm_options)},
            #{convert_to_groovy(new_resource.java_path)},
            null, // jdkInstaller parameter
            #{convert_to_groovy(new_resource.command_prefix)},
            #{convert_to_groovy(new_resource.command_suffix)},
            #{convert_to_groovy(new_resource.launch_timeout)},
            #{convert_to_groovy(new_resource.ssh_retries)},
            #{convert_to_groovy(new_resource.ssh_wait_retries)},
            new KnownHostsFileKeyVerificationStrategy()
          )
  EOH
end
```
We could create a property for the Verification Strategy (and possibly jdkInstaller) and translate that into the class name, instead of the `new KnownHostsFileKeyVerificationStrategy()` line.
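The property-to-class translation suggested above could look like this (an added example, not part of the original thread or of the jenkins cookbook; the helper names `groovy_string` and `host_key_verifier_groovy` and the option keys are hypothetical). It goes beyond the one class in the patch by covering the other verifier classes in `hudson.plugins.sshslaves.verifiers`, and it rejects unknown values instead of silently falling back to no verification.

```ruby
# Added example; helper and option names are hypothetical, not cookbook API.
VERIFIER_PACKAGE = 'hudson.plugins.sshslaves.verifiers'.freeze

# Quote a Ruby value as a single-quoted Groovy literal so that a property
# value cannot break out of the generated script.
def groovy_string(value)
  escaped = value.to_s
                 .gsub('\\') { '\\\\' }   # backslash -> two backslashes
                 .gsub("'") { "\\'" }     # quote -> backslash + quote
                 .gsub("\n") { '\\n' }    # newline -> backslash + n
  "'#{escaped}'"
end

# Property value => [verifier class, builder for its constructor arguments].
HOST_KEY_VERIFIERS = {
  known_hosts_file: ['KnownHostsFileKeyVerificationStrategy', ->(_opts) { '' }],
  manually_provided_key: ['ManuallyProvidedKeyVerificationStrategy',
                          ->(opts) { groovy_string(opts.fetch(:key)) }],
  manually_trusted_key: ['ManuallyTrustedKeyVerificationStrategy',
                         ->(opts) { opts.fetch(:require_initial_manual_trust, true) ? 'true' : 'false' }],
  non_verifying: ['NonVerifyingKeyVerificationStrategy', ->(_opts) { '' }],
}.freeze

# Return the Groovy expression to interpolate as the last SSHLauncher argument.
def host_key_verifier_groovy(strategy = :known_hosts_file, opts = {})
  class_name, args = HOST_KEY_VERIFIERS.fetch(strategy.to_sym) do
    raise ArgumentError, "unknown host key verification strategy: #{strategy.inspect}"
  end
  "new #{VERIFIER_PACKAGE}.#{class_name}(#{args.call(opts)})"
end

# Constructed sample values, as a launcher_groovy heredoc would interpolate them.
puts host_key_verifier_groovy
puts host_key_verifier_groovy(:manually_provided_key, { key: 'ssh-ed25519 AAAA-constructed-sample' })
```

Defaulting to `:known_hosts_file` keeps the behaviour of the patch above; `:non_verifying` has to be requested explicitly and leaves the warning quoted in the issue in place.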
Howdy,
Is there any update on this? It would be helpful in my environment; I'd rather not keep around a local monkey-patched jenkins cookbook.
Thanks much, Best, -dkw
Hello,
This issue is still active, preventing creation of new Jenkins agents. We used the patching solution provided above by josh-barker, but the SSHLauncher constructor is not called correctly, and we suspect that the credentialsId sent from https://github.com/chef-cookbooks/jenkins/blob/master/libraries/slave_ssh.rb#L110 is not a string as defined here https://github.com/jenkinsci/ssh-slaves-plugin/blob/master/src/main/java/hudson/plugins/sshslaves/SSHLauncher.java#L251
Can you please look into this problem? Thank you.
```
ERROR: Unexpected exception occurred while performing groovy command.
groovy.lang.GroovyRuntimeException: Could not find matching constructor for: hudson.plugins.sshslaves.SSHLauncher(java.lang.String, java.lang.Integer, com.cloudbees.plugins.credentials.impl.UsernamePasswordCredentialsImpl, null, null, null, null, null, null, null, hudson.plugins.sshslaves.verifiers.NonVerifyingKeyVerificationStrategy)
    at groovy.lang.MetaClassImpl.invokeConstructor(MetaClassImpl.java:1732)
    at groovy.lang.MetaClassImpl.invokeConstructor(MetaClassImpl.java:1532)
    at org.codehaus.groovy.runtime.callsite.MetaClassConstructorSite.callConstructor(MetaClassConstructorSite.java:49)
    at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCallConstructor(CallSiteArray.java:60)
    at org.codehaus.groovy.runtime.callsite.AbstractCallSite.callConstructor(AbstractCallSite.java:235)
    at RemoteClass.run(RemoteClass:75)
    at groovy.lang.GroovyShell.runScriptOrMainOrTestOrRunnable(GroovyShell.java:263)
    at groovy.lang.GroovyShell.run(GroovyShell.java:518)
    at groovy.lang.GroovyShell.run(GroovyShell.java:497)
    at hudson.cli.GroovyCommand.run(GroovyCommand.java:71)
    at hudson.cli.CLICommand.main(CLICommand.java:251)
    at org.jenkinsci.main.modules.sshd.CLICommandAdapter$1.run(CLICommandAdapter.java:37)
    at org.jenkinsci.main.modules.sshd.AsynchronousCommand$1.run(AsynchronousCommand.java:112)
    at java.lang.Thread.run(Thread.java:745)
```
As an FYI I tried many things to get the example that Josh provided to work for me. Also, thank you Josh!
Posting this below in case that helps anyone. See
```ruby
def launcher_groovy
  # Strip the 8-space heredoc indentation from the generated Groovy script.
  <<-EOH.gsub(/^ {8}/, '')
        import hudson.plugins.sshslaves.verifiers.*
        #{credential_lookup_groovy('credentials')}
        launcher =
          new hudson.plugins.sshslaves.SSHLauncher(
            #{convert_to_groovy(new_resource.host)},
            #{convert_to_groovy(new_resource.port)},
            '<YOUR CRED ID HERE>',
            #{convert_to_groovy(new_resource.jvm_options)},
            #{convert_to_groovy(new_resource.java_path)},
            #{convert_to_groovy(new_resource.command_prefix)},
            #{convert_to_groovy(new_resource.command_suffix)},
            #{convert_to_groovy(new_resource.launch_timeout)},
            #{convert_to_groovy(new_resource.ssh_retries)},
            #{convert_to_groovy(new_resource.ssh_wait_retries)},
            new KnownHostsFileKeyVerificationStrategy()
          )
  EOH
end
```
Cookbook version
5.0.0
Chef-client version
12.18
Platform Details
Jenkins 2.32 ssh-slaves plugin 1.16
Scenario:
Adding ssh Slaves
Steps to Reproduce:
Create an ssh with version 1.15 or higher of the ssh-slaves plug-in
Expected Result:
Slave created with no errors or warnings
Actual Result:
Slave is created successfully, but Jenkins posts a Security warning saying:
SSH Host Key Verifiers are not configured for all SSH slaves on this Jenkins instance. This could leave these slaves open to man-in-the-middle attacks. Update your slave configuration to resolve this.