Re: master to agent connection keeps breaking every 3-4 hours
We have tried putting these on both side, but still facing same issue :( On Thursday, October 1, 2020 at 1:33:57 AM UTC+8 kuisat...@gmail.com wrote: > ideally, on both sides, make it on one side usually is enough. > > El miércoles, 30 de septiembre de 2020 a las 3:22:00 UTC+2, > ashish...@gmail.com escribió: > >> Thanks, are these setting to be applied on master side or slave or both? >> >> On Wednesday, September 30, 2020 at 12:15:23 AM UTC+8 kuisat...@gmail.com >> wrote: >> >>> >>>- Why does agent tries to connect to master when its already >>>connected? >>> >>> That suggests half-closed connections, it means that the agent loses the >>> connection with the Jenkins instance but the FIN notification never arrived >>> to the Jenkins instance so the connection is open in the Jenkins instance >>> side. It could be related to networks equipment and the policies that have >>> for open connections, the recommendation is to tune the TCP stack to keep >>> those connections open with traffic see >>> https://support.cloudbees.com/hc/en-us/articles/115001416548#7tcpretransmissiontimeoutossperhapsincrease >>> >>> El martes, 29 de septiembre de 2020 a las 10:47:22 UTC+2, >>> ashish...@gmail.com escribió: >>> Hi Team, We are using JNLP to connect Mac agent to Linux master node. Jenkins agent keeps disconnecting frequently, and we are getting below logs in master. Can you please suggest how to resolve this? What are the steps to further triage the same. Some of the questions we are trying to answer is: - What is EOFException? - Why does agent tries to connect to master when its already connected? - Why does eventually the ping / connection fails? We keep seeing this pattern in logs too often and too frequently. Any help would be appreciated. Results are same even if we try any of the below options: - Connected using *Launch agent from Browser* - Connected by *starting automator* in Mac which runs shell/zsh to run agent.jar - Connected by running *plist* in Mac * Jenkins environment:* - Jenkins: 2.249.1 - Master Node: Linux RHEL 8.1 - Master Java Version: 1.8.0_242 - Slave System: macOS Catalina, Version 10.15.6 - Slave Java Version: 1.8.0_261 *Connection #xxx failed: java.io.EOFException Sep 29, 2020 2:45:21 AM INFO hudson.TcpSlaveAgentListener$ConnectionHandler run Accepted JNLP4-connect connection #xxx from x.x.x.x/x.x.x.x:57215 Sep 29, 2020 2:45:21 AM INFO org.jenkinsci.remoting.protocol.impl.ConnectionHeadersFilterLayer on Recv[JNLP4-connect connection from x.x.x.x/x.x.x.x:57215] Refusing headers from remote: is already connected to this master. Rejecting this connection.Sep 29, 2020 2:45:31 AM INFO hudson.TcpSlaveAgentListener$ConnectionHandler runConnection #xxx failed: java.io.EOFException Sep 29, 2020 2:45:31 AM INFO hudson.TcpSlaveAgentListener$ConnectionHandler runAccepted JNLP4-connect connection #xxx from x.x.x.x/x.x.x.x:57218 Sep 29, 2020 2:45:32 AM INFO org.jenkinsci.remoting.protocol.impl.ConnectionHeadersFilterLayer onRecv[JNLP4-connect connection from x.x.x.x/x.x.x.x] Refusing headers from remote: is already connected to this master. Rejecting this connection.Sep 29, 2020 2:45:32 AM INFO hudson.slaves.ChannelPinger$1 onDeadPing failed. Terminating the channel JNLP4-connect connection from x.x.x.x/x.x.x.x:57015. java.util.concurrent.TimeoutException: Ping started at 1601318492966 hasn't completed by 1601318732966at hudson.remoting.PingThread.ping(PingThread.java:134)at hudson.remoting.PingThread.run(PingThread.java:90) * TIA >>> -- You received this message because you are subscribed to the Google Groups "Jenkins Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/c8522ac5-64f0-458f-b853-ac874d2ef6b6n%40googlegroups.com.
Re: Can HTML submit button trigger a Jenkins job ?
also, if your authentication is SAML, you will have to use an API Token to call the API. SAML delegate the authentication in your IdP so Jenkins does not process your User and Password only the TOKEN generated by your IdP. El lunes, 2 de noviembre de 2020 a las 18:17:00 UTC+1, jeremy@riftio.com escribió: > simple answer is no. an href cannot include a headers directive or > anything else) > > It can be done using ajax -- > https://stackoverflow.com/questions/374885/can-i-change-the-headers-of-the-http-request-sent-by-the-browser > > > or you could build a proxy that did nothing but add that header. But if > you do that, you might as well allow anonymous users to start jobs and then > the header becomes superfluous (I think). > > On Sunday, November 1, 2020 at 1:49:16 PM UTC-5 shif...@gmail.com wrote: > >> My HTML code is like below where i pass the crumb and try to trigger a >> Jenkins DSL job along with passing parameters: >> >> > action='https://localhost:8080/job/myjob1/buildWithParameters?paramone=myhost1-stop-myfolder >> -H Jenkins-Crumb:d863847724897hghjtg37684yh4j3y9847dsfhkuhd' >> method=POST>> value='START'/> >> >> On the browser i see the URL as: >> >> https://localhost:8080/job/myjob1/buildWithParameters?paramone=myhost1-stop-myfolder%20-H%20Jenkins-Crumb:d863847724897hghjtg37684yh4j3y9847dsfhkuhdI >> >> I frankly have no idea how can I pass the crumb using HTML submit button. >> >> >> I had obtained my crumb from https://localhost:8080/crumbIssuer/api/xml >> >> >> When i click on START button i get >> >> >> HTTP ERROR 403 No valid crumb was included in the request >> >> >> My Jenkins has SAML based SSO for login and I would like the user >> triggering the START button to login with his credentials hence, I do >> not pass the credentials in the URL. >> >> >> The job myjob1 is configured to be triggered remotely. >> >> >> Also, I'm able to trigger the job using curl utility but not sure how-to >> using HTML button. >> >> >> Can you please suggest how to get this to work? >> > -- You received this message because you are subscribed to the Google Groups "Jenkins Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/0bc457fd-4299-4fb7-8a0f-fb53a80175ebn%40googlegroups.com.
Re: Renew expired certificate for Jenkins SAML plugin
This Keystore is automatically created if you do not configure encryption, the Pac4j needs a key to work even though you do not use encryption. So in general if you do not use sign or encryption in the SAML messages (not related to TLS) you do need to configure anything this file will be used only to make the library work, but your IdP will not request your certificate. If you use encryption, you should configure your own Keystore and manage the keys in there. In the Documentation of the plugin you can found how to configure encryption and how this Keystore works. https://github.com/jenkinsci/saml-plugin/blob/master/doc/CONFIGURE.md *Encryption* - If your provider requires encryption or signing, you can specify the keystore details here that should be used. If you do not specify a keystore, the plugin would create one with a key that is valid for a year, this key would be recreate when it expires, by default the key is not exposed in the SP metadata if you do not enable signing. - *Keystore path* - The path to the keystore file created with the keygen command. - *Key Alias* - The alias used in the -alias argument of the keytool< command. - *Keystore password* - The password used in the -storepass argument of the keytool command. - *Private Key password* - The password used in the -keypass argument of keytool. - *Auth Request Signature* - Enable signature of the Redirect Binding Auth Request, If you enable it the encryption and signing key would available in the SP metadata file and URL (JENKINS_URL/securityRealm/metadata). The disable of signing auth request does not work with HTTP redirection binging, it only works for POST binding. El martes, 3 de noviembre de 2020 a las 16:48:28 UTC+1, Igor David escribió: > Hello, > > What is the correct way to renew an expired certificate > (JENKINS_HOME/saml-jenkins-keystore.jks) which is used for SAML Plugin > please? > > https://github.com/jenkinsci/saml-plugin > > In that process, what is the purpose of saml-jenkins-keystore.xml (e.g. is > it generated every time a new certificate is renewed or)? > > I have tried removing JENKINS_HOME/saml-jenkins-keystore.jk, disabling > SAML plugin and re-enabling it again and I do see that it has generated new > certificate, but I am not sure if this is the correct way and what happens > with JENKINS_HOME/saml-jenkins-keystore.xml in that case? > > Thanks in advance. > > Kind regards, > Igor > -- You received this message because you are subscribed to the Google Groups "Jenkins Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/e5490d2b-bf6d-47f1-8ed4-513f7e59772dn%40googlegroups.com.
Renew expired certificate for Jenkins SAML plugin
Hello, What is the correct way to renew an expired certificate (JENKINS_HOME/saml-jenkins-keystore.jks) which is used for SAML Plugin please? https://github.com/jenkinsci/saml-plugin In that process, what is the purpose of saml-jenkins-keystore.xml (e.g. is it generated every time a new certificate is renewed or)? I have tried removing JENKINS_HOME/saml-jenkins-keystore.jk, disabling SAML plugin and re-enabling it again and I do see that it has generated new certificate, but I am not sure if this is the correct way and what happens with JENKINS_HOME/saml-jenkins-keystore.xml in that case? Thanks in advance. Kind regards, Igor -- You received this message because you are subscribed to the Google Groups "Jenkins Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/CAKjjcZ_ZCsG8ht%3DNB7zWbNF7PWDBheek9L%2BjObKxpsMRAx0jgQ%40mail.gmail.com.
