Hi Hugh,
I just started with gocd and I am trying to connect agent to server. I am
running into the same issue you ran into (log pasted below).
I am using ec2 instances for both server and agent. I tried start agent on
the same host as the server first, which was failing with the same error.
So, I tried starting agent on different ec2, still getting the same error.
I also tried the suggestion of removing keystore and restarting the server.
I didnot find guid.txt or agent.jks in /var/lib/go-agent folder or its
subfolder.
Since this thread is an year old, so I thought of checking if you were able
to find any resolution.
2017-10-05 21:52:31,885 ERROR [main] ServerBinaryDownloader:80 - Couldn't
update admin/agent-launcher.jar. Sleeping for 1m. Error:
javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
at
sun.security.ssl.InputRecord.handleUnknownRecord(InputRecord.java:710)
at sun.security.ssl.InputRecord.read(InputRecord.java:527)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:983)
at
sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1385)
at
sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1413)
at
sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1397)
at
org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:394)
at
org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:353)
at
org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:141)
at
org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:353)
at
org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:380)
at
org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:236)
at
org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:184)
at
org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:88)
at
org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110)
at
org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:184)
at
org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)
at
org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:107)
at
com.thoughtworks.go.agent.launcher.ServerBinaryDownloader.fetchUpdateCheckHeaders(ServerBinaryDownloader.java:96)
at
com.thoughtworks.go.agent.launcher.ServerBinaryDownloader.downloadIfNecessary(ServerBinaryDownloader.java:72)
at
com.thoughtworks.go.agent.launcher.AgentLauncherImpl.launch(AgentLauncherImpl.java:79)
at
com.thoughtworks.go.agent.bootstrapper.AgentBootstrapper.go(AgentBootstrapper.java:84)
at
com.thoughtworks.go.agent.bootstrapper.AgentBootstrapper.main(AgentBootstrapper.java:65)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at com.thoughtworks.gocd.Boot.run(Boot.java:58)
at com.thoughtworks.gocd.Boot.main(Boot.java:42)
Thank You,
Ranjith
On Monday, July 11, 2016 at 10:13:55 AM UTC-7, Hugh Acland wrote:
>
> yup. I've deleted that file and restarted everything. Still no agent. Do I
> need to explicitly create a trust for the SSL certificate and give it to
> the agent?
>
> On Monday, July 11, 2016 at 6:03:04 PM UTC+1, Barrow Kwan wrote:
>>
>> Did you see a file called guid.txt? delete it and try again.
>>
>> --
>> Barrow Kwan
>> Sent with Airmail
>>
>> On July 11, 2016 at 9:57:56 AM, Hugh Acland ([email protected]) wrote:
>>
>> I have stopped agent, and looked in /var/lib/go-agent/config. There is an
>> agent.jks which I deleted. Then it starts up again but it just writes
>> another agent.jks and still won't register.
>>
>> The comment at the end of
>> https://www.go.cd/2014/06/05/using-go-cd-with-custom-certificates.html
>> seems to suggest I need to create a trust file???
>>
>> On Monday, July 11, 2016 at 5:41:33 PM UTC+1, Ketan Padegaonkar wrote:
>>>
>>> That explains the behavior that we're seeing here. The agent remembers
>>> the ssl certificate from the first handshake, and refuses to connect if the
>>> certificate changes (unless reconfigured otherwise)
>>>
>>> So if you'd like to use your custom SSL certs on the server, you may
>>> want to stop the agent and blow away the agent truststore file, it's stored
>>> somewhere under /var/lib/go-agent/config.
>>>
>>>
>>>
>>> On Mon, Jul 11, 2016 at 10:04 PM Hugh Acland <[email protected]> wrote:
>>>
>>>> OK! I now know what the problem is. I had followed the instructions
>>>> here:
>>>> https://docs.go.cd/current/installation/ssl_tls/custom_certificate.html
>>>> to run the go-server using a Signed certificate from a proper
>>>> Authority.
>>>>
>>>> When I revert back to using the self-signed certificate (by removing
>>>> the keystore file in /etc/go) then restart the server lo and behold the
>>>> agent now shows up.
>>>>
>>>> Is this a bug?
>>>>
>>>> thanks
>>>>
>>>>
>>>> On Monday, July 11, 2016 at 5:22:07 PM UTC+1, Hugh Acland wrote:
>>>>>
>>>>> Thanks, but I have been waiting for it to show up in the server for
>>>>> literally hours!! Something is still not quite right
>>>>>
>>>>> On Monday, July 11, 2016 at 5:15:02 PM UTC+1, Ketan Padegaonkar wrote:
>>>>>>
>>>>>>
>>>>>>
>>>>>> On Mon, Jul 11, 2016 at 9:33 PM Hugh Acland <[email protected]> wrote:
>>>>>>
>>>>>>> go 15767 0.6 6.4 1949232 260744 ? Sl 15:35 0:10
>>>>>>> /usr/lib/jvm/*java*-7-openjdk-amd64/jre/bin/*java*
>>>>>>> -Dcruise.console.publish.interval=10
>>>>>>> -Xms128m -Xmx256m -D*java*.security.egd=file:/dev/./urandom
>>>>>>> -Dagent.launcher.version=Unknown
>>>>>>> -Dagent.plugins.md5=d1a8e4434cbf9868d96efe98147f1c47
>>>>>>> -Dagent.binary.md5=M7VLVRjsxWOPUY6+DhkuBw==
>>>>>>> -Dagent.launcher.md5=dXwGRFnX3o1pgkQggCM/dA== -jar agent.jar
>>>>>>> https://127.0.0.1:8154/go/
>>>>>>>
>>>>>>
>>>>>> This indicates that the agent process is now running, and is
>>>>>> connected to the server. The initial error you mention "Couldn't
>>>>>> update admin/agent-launcher.jar. Sleeping for 1m" generally happens when
>>>>>> the server is booting or is temporarily unavailable. The agent process
>>>>>> should eventually connect after a few minutes.
>>>>>>
>>>>>> Is it possible that the agent is caching the start up settings
>>>>>>> somewhere?
>>>>>>>
>>>>>>
>>>>>> No, you normally start the bootstrapper with port 8153, and it'll
>>>>>> autodetect the ssl port.
>>>>>>
>>>>> --
>>>> You received this message because you are subscribed to the Google
>>>> Groups "go-cd" group.
>>>> To unsubscribe from this group and stop receiving emails from it, send
>>>> an email to [email protected].
>>>> For more options, visit https://groups.google.com/d/optout.
>>>>
>>> --
>> You received this message because you are subscribed to the Google Groups
>> "go-cd" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to [email protected].
>> For more options, visit https://groups.google.com/d/optout.
>>
>>
--
You received this message because you are subscribed to the Google Groups
"go-cd" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
