Hi,

Thank you for your update.

As you can clearly see from my previous email I'm running OpenShift 3.5:
# oc version
oc v1.5.1
kubernetes v1.5.2+43a9be4
features: Basic-Auth GSSAPI Kerberos SPNEGO

# origin version
origin v1.5.1
kubernetes v1.5.2+43a9be4
etcd 3.1.0


Regarding your question and suggestions around OAUTH I ran official
openshift jenkins2 ephemeral template and that either doesn't work.

some data:

[root@master ~]# oc get pods
NAME              READY     STATUS    RESTARTS   AGE
jenkins-1-j267m   1/1       Running   0          5m
[root@master ~]# oc describe pod jenkins-1-j267m
Name:                   jenkins-1-j267m
Namespace:              jenkins
Security Policy:        restricted
Node:                   node2.hr4.local/192.168.1.62
Start Time:             Wed, 09 Aug 2017 09:39:29 +0100
Labels:                 deployment=jenkins-1
                        deploymentconfig=jenkins
                        name=jenkins
Status:                 Running
IP:                     10.129.0.26
Controllers:            ReplicationController/jenkins-1
Containers:
  jenkins:
    Container ID:
docker://22573e42063109528896bdeb7de54f45c7251d71c3ae2321a1d6fea94404d01f
    Image:              openshift/jenkins-2-centos7@sha256
:ad29fc43c3f9015a0fdbb3f3ba366ff511303f7f3a0bbb1bc4652ecf70eb3712
    Image ID:           docker-pullable://
docker.io/openshift/jenkins-2-centos7@sha256:ad29fc43c3f9015a0fdbb3f3ba366ff511303f7f3a0bbb1bc4652ecf70eb3712
    Port:
    Limits:
      memory:   1Gi
    Requests:
      memory:           1Gi
    State:              Running
      Started:          Wed, 09 Aug 2017 09:41:59 +0100
    Ready:              True
    Restart Count:      0
    Liveness:           http-get http://:8080/login delay=420s timeout=3s
period=10s #success=1 #failure=30
    Readiness:          http-get http://:8080/login delay=3s timeout=3s
period=10s #success=1 #failure=3
    Volume Mounts:
      /var/lib/jenkins from jenkins-data (rw)
      /var/run/secrets/kubernetes.io/serviceaccount from
jenkins-token-txv72 (ro)
    Environment Variables:
      OPENSHIFT_ENABLE_OAUTH:           true
      OPENSHIFT_ENABLE_REDIRECT_PROMPT: true
      OPENSHIFT_JENKINS_JVM_ARCH:       x86_64
      KUBERNETES_MASTER:                https://kubernetes.default:443
      KUBERNETES_TRUST_CERTIFICATES:    true
      JNLP_SERVICE_NAME:                jenkins-jnlp
Conditions:
  Type          Status
  Initialized   True
  Ready         True
  PodScheduled  True
Volumes:
  jenkins-data:
    Type:       EmptyDir (a temporary directory that shares a pod's
lifetime)
    Medium:
  jenkins-token-txv72:
    Type:       Secret (a volume populated by a Secret)
    SecretName: jenkins-token-txv72
QoS Class:      Burstable
Tolerations:    <none>
Events:
  FirstSeen     LastSeen        Count   From
 SubObjectPath                   Type            Reason          Message
  ---------     --------        -----   ----
 -------------                   --------        ------          -------
  5m            5m              1       {default-scheduler }
                             Normal          Scheduled       Successfully
assigned jenkins-1-j267m to node2.hr4.local
  5m            5m              1       {kubelet node2.hr4.local}
spec.containers{jenkins}        Normal          Pulling         pulling
image "openshift/jenkins-2-centos7@sha256
:ad29fc43c3f9015a0fdbb3f3ba366ff511303f7f3a0bbb1bc4652ecf70eb3712"
  2m            2m              1       {kubelet node2.hr4.local}
spec.containers{jenkins}        Normal          Pulled
 Successfully pulled image "openshift/jenkins-2-centos7@sha256
:ad29fc43c3f9015a0fdbb3f3ba366ff511303f7f3a0bbb1bc4652ecf70eb3712"
  2m            2m              1       {kubelet node2.hr4.local}
spec.containers{jenkins}        Normal          Created         Created
container with docker id 22573e420631; Security:[seccomp=unconfined]
  2m            2m              1       {kubelet node2.hr4.local}
spec.containers{jenkins}        Normal          Started         Started
container with docker id 22573e420631
  2m            1m              5       {kubelet node2.hr4.local}
spec.containers{jenkins}        Warning         Unhealthy       Readiness
probe failed: HTTP probe failed with statuscode: 503
  1m            23s             6       {kubelet node2.hr4.local}
spec.containers{jenkins}        Warning         Unhealthy       Readiness
probe failed: Get http://10.129.0.26:8080/login: net/http: request canceled
(Client.Timeout exceeded while awaiting headers)

[root@node2 ~]# docker inspect 22573e420631
[
    {
        "Id":
"22573e42063109528896bdeb7de54f45c7251d71c3ae2321a1d6fea94404d01f",
        "Created": "2017-08-09T08:41:58.321766924Z",
        "Path": "/usr/libexec/s2i/run",
        "Args": [],
        "State": {
            "Status": "running",
            "Running": true,
            "Paused": false,
            "Restarting": false,
            "OOMKilled": false,
            "Dead": false,
            "Pid": 99830,
            "ExitCode": 0,
            "Error": "",
            "StartedAt": "2017-08-09T08:41:59.594662533Z",
            "FinishedAt": "0001-01-01T00:00:00Z"
        },
        "Image":
"sha256:8dda791f1c46d2ea35867fd1fa89e64519f0bda17b1d26b2ac6cf92bc8966268",
        "ResolvConfPath":
"/var/lib/docker/containers/59d10a28ec1b911ef5b38f1e42d5b1178681e5c488678c7002a36e844519b40b/resolv.conf",
        "HostnamePath":
"/var/lib/docker/containers/59d10a28ec1b911ef5b38f1e42d5b1178681e5c488678c7002a36e844519b40b/hostname",
        "HostsPath":
"/var/lib/origin/openshift.local.volumes/pods/42102c09-7cde-11e7-9a6c-525400c269f8/etc-hosts",
        "LogPath": "",
        "Name":
"/k8s_jenkins.ca203105_jenkins-1-j267m_jenkins_42102c09-7cde-11e7-9a6c-525400c269f8_b0e27732",
        "RestartCount": 0,
        "Driver": "devicemapper",
        "MountLabel": "system_u:object_r:svirt_sandbox_file_t:s0:c10,c0",
        "ProcessLabel": "system_u:system_r:svirt_lxc_net_t:s0:c10,c0",
        "AppArmorProfile": "",
        "ExecIDs": null,
        "HostConfig": {
            "Binds": [

"/var/lib/origin/openshift.local.volumes/pods/42102c09-7cde-11e7-9a6c-525400c269f8/volumes/
kubernetes.io~empty-dir/jenkins-data:/var/lib/jenkins:Z",

"/var/lib/origin/openshift.local.volumes/pods/42102c09-7cde-11e7-9a6c-525400c269f8/volumes/
kubernetes.io~secret/jenkins-token-txv72:/var/run/secrets/
kubernetes.io/serviceaccount:ro,Z",

"/var/lib/origin/openshift.local.volumes/pods/42102c09-7cde-11e7-9a6c-525400c269f8/etc-hosts:/etc/hosts:Z",

"/var/lib/origin/openshift.local.volumes/pods/42102c09-7cde-11e7-9a6c-525400c269f8/containers/jenkins/b0e27732:/dev/termination-log:Z"
            ],
            "ContainerIDFile": "",
            "LogConfig": {
                "Type": "journald",
                "Config": {}
            },
            "NetworkMode":
"container:59d10a28ec1b911ef5b38f1e42d5b1178681e5c488678c7002a36e844519b40b",
            "PortBindings": null,
            "RestartPolicy": {
                "Name": "",
                "MaximumRetryCount": 0
            },
            "AutoRemove": false,
            "VolumeDriver": "",
            "VolumesFrom": null,
            "CapAdd": null,
            "CapDrop": [
                "KILL",
                "MKNOD",
                "SETGID",
                "SETUID",
                "SYS_CHROOT"
            ],
            "Dns": null,
            "DnsOptions": null,
            "DnsSearch": null,
            "ExtraHosts": null,
            "GroupAdd": [
                "1000090000"
            ],
            "IpcMode":
"container:59d10a28ec1b911ef5b38f1e42d5b1178681e5c488678c7002a36e844519b40b",
            "Cgroup": "",
            "Links": null,
            "OomScoreAdj": 730,
            "PidMode": "",
            "Privileged": false,
            "PublishAllPorts": false,
            "ReadonlyRootfs": false,
            "SecurityOpt": [
                "seccomp=unconfined",
                "label=level:s0:c10,c0"
            ],
            "UTSMode": "",
            "UsernsMode": "",
            "ShmSize": 67108864,
            "Runtime": "docker-runc",
            "ConsoleSize": [
                0,
                0
            ],
            "Isolation": "",
            "CpuShares": 2,
            "Memory": 1073741824,
            "CgroupParent": "",
            "BlkioWeight": 0,
            "BlkioWeightDevice": null,
            "BlkioDeviceReadBps": null,
            "BlkioDeviceWriteBps": null,
            "BlkioDeviceReadIOps": null,
            "BlkioDeviceWriteIOps": null,
            "CpuPeriod": 0,
            "CpuQuota": 0,
            "CpusetCpus": "",
            "CpusetMems": "",
            "Devices": [],
            "DiskQuota": 0,
            "KernelMemory": 0,
            "MemoryReservation": 0,
            "MemorySwap": -1,
            "MemorySwappiness": -1,
            "OomKillDisable": false,
            "PidsLimit": 0,
            "Ulimits": null,
            "CpuCount": 0,
            "CpuPercent": 0,
            "IOMaximumIOps": 0,
            "IOMaximumBandwidth": 0
        },
        "GraphDriver": {
            "Name": "devicemapper",
            "Data": {
                "DeviceId": "956",
                "DeviceName":
"docker-253:0-2491527-6352b1d19f04272bc621e44bcf1b49f4a832886bdfb1d30359bae7b458fc0bb8",
                "DeviceSize": "10737418240"
            }
        },
        "Mounts": [
            {
                "Source":
"/var/lib/origin/openshift.local.volumes/pods/42102c09-7cde-11e7-9a6c-525400c269f8/volumes/
kubernetes.io~empty-dir/jenkins-data",
                "Destination": "/var/lib/jenkins",
                "Mode": "Z",
                "RW": true,
                "Propagation": "rprivate"
            },
            {
                "Source":
"/var/lib/origin/openshift.local.volumes/pods/42102c09-7cde-11e7-9a6c-525400c269f8/volumes/
kubernetes.io~secret/jenkins-token-txv72",
                "Destination": "/var/run/secrets/
kubernetes.io/serviceaccount",
                "Mode": "ro,Z",
                "RW": false,
                "Propagation": "rprivate"
            },
            {
                "Source":
"/var/lib/origin/openshift.local.volumes/pods/42102c09-7cde-11e7-9a6c-525400c269f8/etc-hosts",
                "Destination": "/etc/hosts",
                "Mode": "Z",
                "RW": true,
                "Propagation": "rprivate"
            },
            {
                "Source":
"/var/lib/origin/openshift.local.volumes/pods/42102c09-7cde-11e7-9a6c-525400c269f8/containers/jenkins/b0e27732",
                "Destination": "/dev/termination-log",
                "Mode": "Z",
                "RW": true,
                "Propagation": "rprivate"
            }
        ],
        "Config": {
            "Hostname": "jenkins-1-j267m",
            "Domainname": "",
            "User": "1000090000",
            "AttachStdin": false,
            "AttachStdout": false,
            "AttachStderr": false,
            "ExposedPorts": {
                "50000/tcp": {},
                "8080/tcp": {}
            },
            "Tty": false,
            "OpenStdin": false,
            "StdinOnce": false,
            "Env": [
                "OPENSHIFT_ENABLE_OAUTH=true",
                "OPENSHIFT_ENABLE_REDIRECT_PROMPT=true",
                "OPENSHIFT_JENKINS_JVM_ARCH=x86_64",
                "KUBERNETES_MASTER=https://kubernetes.default:443";,
                "KUBERNETES_TRUST_CERTIFICATES=true",
                "JNLP_SERVICE_NAME=jenkins-jnlp",
                "JENKINS_JNLP_PORT_50000_TCP_ADDR=172.30.98.196",
                "JENKINS_PORT=tcp://172.30.125.4:80",
                "KUBERNETES_PORT_53_UDP=udp://172.30.0.1:53",
                "KUBERNETES_PORT_53_TCP=tcp://172.30.0.1:53",
                "KUBERNETES_PORT_53_TCP_ADDR=172.30.0.1",
                "JENKINS_SERVICE_PORT_WEB=80",
                "JENKINS_JNLP_SERVICE_HOST=172.30.98.196",
                "KUBERNETES_SERVICE_PORT=443",
                "KUBERNETES_SERVICE_PORT_HTTPS=443",
                "KUBERNETES_SERVICE_PORT_DNS=53",
                "KUBERNETES_PORT_443_TCP_ADDR=172.30.0.1",
                "KUBERNETES_PORT_53_UDP_PROTO=udp",
                "KUBERNETES_PORT_53_UDP_PORT=53",
                "KUBERNETES_PORT_53_UDP_ADDR=172.30.0.1",
                "JENKINS_JNLP_SERVICE_PORT=50000",
                "JENKINS_JNLP_SERVICE_PORT_AGENT=50000",
                "JENKINS_JNLP_PORT_50000_TCP=tcp://172.30.98.196:50000",
                "JENKINS_PORT_80_TCP=tcp://172.30.125.4:80",
                "JENKINS_PORT_80_TCP_ADDR=172.30.125.4",
                "KUBERNETES_SERVICE_HOST=172.30.0.1",
                "KUBERNETES_PORT_443_TCP=tcp://172.30.0.1:443",
                "KUBERNETES_PORT_53_TCP_PROTO=tcp",
                "JENKINS_JNLP_PORT_50000_TCP_PROTO=tcp",
                "JENKINS_JNLP_PORT_50000_TCP_PORT=50000",
                "JENKINS_SERVICE_HOST=172.30.125.4",
                "JENKINS_PORT_80_TCP_PORT=80",
                "KUBERNETES_PORT_443_TCP_PORT=443",
                "JENKINS_JNLP_PORT=tcp://172.30.98.196:50000",
                "JENKINS_PORT_80_TCP_PROTO=tcp",
                "JENKINS_SERVICE_PORT=80",
                "KUBERNETES_PORT=tcp://172.30.0.1:443",
                "KUBERNETES_PORT_53_TCP_PORT=53",
                "KUBERNETES_SERVICE_PORT_DNS_TCP=53",
                "KUBERNETES_PORT_443_TCP_PROTO=tcp",

"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
                "JENKINS_VERSION=2.46.3",
                "HOME=/var/lib/jenkins",
                "JENKINS_HOME=/var/lib/jenkins",
                "JENKINS_UC=https://updates.jenkins-ci.org";,
                "LANG=en_US.UTF-8",
                "LC_ALL=en_US.UTF-8"
            ],
            "Cmd": [
                "/usr/libexec/s2i/run"
            ],
            "Image": "openshift/jenkins-2-centos7@sha256
:ad29fc43c3f9015a0fdbb3f3ba366ff511303f7f3a0bbb1bc4652ecf70eb3712",
            "Volumes": {
                "/var/lib/jenkins": {}
            },
            "WorkingDir": "",
            "Entrypoint": null,
            "OnBuild": null,
            "Labels": {
                "build-date": "20170705",
                "io.kubernetes.container.hash": "ca203105",
                "io.kubernetes.container.name": "jenkins",
                "io.kubernetes.container.restartCount": "0",
                "io.kubernetes.container.terminationMessagePath":
"/dev/termination-log",
                "io.kubernetes.pod.name": "jenkins-1-j267m",
                "io.kubernetes.pod.namespace": "jenkins",
                "io.kubernetes.pod.terminationGracePeriod": "30",
                "io.kubernetes.pod.uid":
"42102c09-7cde-11e7-9a6c-525400c269f8",
                "io.openshift.builder-version": "fc9a5fc",
                "io.openshift.s2i.scripts-url": "image:///usr/libexec/s2i",
                "k8s.io.description": "Jenkins is a continuous integration
server",
                "k8s.io.display-name": "Jenkins 2.46.3",
                "license": "GPLv2",
                "name": "CentOS Base Image",
                "openshift.io.expose-services": "8080:http",
                "openshift.io.tags": "jenkins,jenkins2,ci",
                "vendor": "CentOS"
            }
        },
        "NetworkSettings": {
            "Bridge": "",
            "SandboxID": "",
            "HairpinMode": false,
            "LinkLocalIPv6Address": "",
            "LinkLocalIPv6PrefixLen": 0,
            "Ports": null,
            "SandboxKey": "",
            "SecondaryIPAddresses": null,
            "SecondaryIPv6Addresses": null,
            "EndpointID": "",
            "Gateway": "",
            "GlobalIPv6Address": "",
            "GlobalIPv6PrefixLen": 0,
            "IPAddress": "",
            "IPPrefixLen": 0,
            "IPv6Gateway": "",
            "MacAddress": "",
            "Networks": null
        }
    }
]

So I think everything is as it should I believe... but OAUTH doesn't work I
got jenkins login screen when I click on the jenkins URL.

On 8 August 2017 at 18:51, Gabe Montero <gmont...@redhat.com> wrote:

>
>
> On Tue, Aug 8, 2017 at 11:43 AM, Thorvald Hallvardsson <
> thorvald.hallvards...@gmail.com> wrote:
>
>> Hi,
>>
>> I found the problem with Siamak git repo. Plugins.txt refers to
>> blueocean 1.0.0 which doesn't exist anymore. I forked his repo and changed
>> that to 1.0.1 and it builds fine now however I have an OAUTH issues still
>> even on the blueocean image.
>>
>>
>> This is a bit of interesting log I found:
>> Aug  8 16:38:26 master journal: Aug 08, 2017 3:38:26 PM
>> org.openshift.jenkins.plugins.openshiftlogin.OpenShiftSetOAuth setOauth
>> Aug  8 16:38:26 master journal: INFO: OpenShift OAuth: enable oauth set
>> to true force false lastCheck Tue Aug 08 15:38:16 UTC 2017
>> Aug  8 16:38:26 master journal: Aug 08, 2017 3:38:26 PM
>> org.openshift.jenkins.plugins.openshiftlogin.OpenShiftSetOAuth setOauth
>> Aug  8 16:38:26 master journal: INFO: OpenShift OAuth: configured
>> security realm on startup: hudson.security.HudsonPrivateS
>> ecurityRealm@41464f last check Tue Aug 08 15:38:16 UTC 2017
>> Aug  8 16:38:26 master journal: Aug 08, 2017 3:38:26 PM
>> org.openshift.jenkins.plugins.openshiftlogin.OpenShiftOAuth2SecurityRealm
>> populateDefaults
>> Aug  8 16:38:26 master journal: INFO: populateDefaults
>> Aug  8 16:38:26 master journal: java.net.UnknownHostException:
>> openshift.default.svc
>> Aug  8 16:38:26 master journal: #011at java.net.AbstractPlainSocketIm
>> pl.connect(AbstractPlainSocketImpl.java:184)
>> Aug  8 16:38:26 master journal: #011at java.net.SocksSocketImpl.conne
>> ct(SocksSocketImpl.java:392)
>> Aug  8 16:38:26 master journal: #011at java.net.Socket.connect(Socket
>> .java:589)
>> Aug  8 16:38:26 master journal: #011at sun.security.ssl.SSLSocketImpl
>> .connect(SSLSocketImpl.java:673)
>> Aug  8 16:38:26 master journal: #011at sun.net.NetworkClient.doConnec
>> t(NetworkClient.java:175)
>> Aug  8 16:38:26 master journal: #011at sun.net.www.http.HttpClient.op
>> enServer(HttpClient.java:463)
>> Aug  8 16:38:26 master journal: #011at sun.net.www.http.HttpClient.op
>> enServer(HttpClient.java:558)
>> Aug  8 16:38:26 master journal: #011at sun.net.www.protocol.https.Htt
>> psClient.<init>(HttpsClient.java:264)
>> Aug  8 16:38:26 master journal: #011at sun.net.www.protocol.https.Htt
>> psClient.New(HttpsClient.java:367)
>> Aug  8 16:38:26 master journal: #011at sun.net.www.protocol.https.Abs
>> tractDelegateHttpsURLConnection.getNewHttpClient(AbstractDel
>> egateHttpsURLConnection.java:191)
>> Aug  8 16:38:26 master journal: #011at sun.net.www.protocol.http.Http
>> URLConnection.plainConnect0(HttpURLConnection.java:1138)
>> Aug  8 16:38:26 master journal: #011at sun.net.www.protocol.http.Http
>> URLConnection.plainConnect(HttpURLConnection.java:1032)
>> Aug  8 16:38:26 master journal: #011at sun.net.www.protocol.https.Abs
>> tractDelegateHttpsURLConnection.connect(AbstractDelegateHttp
>> sURLConnection.java:177)
>> Aug  8 16:38:26 master journal: #011at sun.net.www.protocol.https.Htt
>> psURLConnectionImpl.connect(HttpsURLConnectionImpl.java:153)
>> Aug  8 16:38:26 master journal: #011at com.google.api.client.http.jav
>> anet.NetHttpRequest.execute(NetHttpRequest.java:93)
>> Aug  8 16:38:26 master journal: #011at com.google.api.client.http.Htt
>> pRequest.execute(HttpRequest.java:972)
>> Aug  8 16:38:26 master journal: #011at org.openshift.jenkins.plugins.
>> openshiftlogin.OpenShiftOAuth2SecurityRealm.getOpenShiftUser
>> Info(OpenShiftOAuth2SecurityRealm.java:489)
>> Aug  8 16:38:26 master journal: #011at org.openshift.jenkins.plugins.
>> openshiftlogin.OpenShiftOAuth2SecurityRealm.populateDefaults
>> (OpenShiftOAuth2SecurityRealm.java:337)
>> Aug  8 16:38:26 master journal: #011at org.openshift.jenkins.plugins.
>> openshiftlogin.OpenShiftOAuth2SecurityRealm.<init>(OpenShift
>> OAuth2SecurityRealm.java:273)
>> Aug  8 16:38:26 master journal: #011at org.openshift.jenkins.plugins.
>> openshiftlogin.OpenShiftSetOAuth.setOauth(OpenShiftSetOAuth.java:69)
>> Aug  8 16:38:26 master journal: #011at org.openshift.jenkins.plugins.
>> openshiftlogin.OpenShiftPermissionFilter.doFilter(OpenShiftP
>> ermissionFilter.java:106)
>> Aug  8 16:38:26 master journal: #011at hudson.util.PluginServletFilte
>> r$1.doFilter(PluginServletFilter.java:132)
>> Aug  8 16:38:26 master journal: #011at org.jenkinsci.plugins.ssegatew
>> ay.Endpoint$SSEListenChannelFilter.doFilter(Endpoint.java:225)
>> Aug  8 16:38:26 master journal: #011at hudson.util.PluginServletFilte
>> r$1.doFilter(PluginServletFilter.java:132)
>> Aug  8 16:38:26 master journal: #011at com.cloudbees.jenkins.support.
>> slowrequest.SlowRequestFilter.doFilter(SlowRequestFilter.java:38)
>> Aug  8 16:38:26 master journal: #011at hudson.util.PluginServletFilte
>> r$1.doFilter(PluginServletFilter.java:132)
>> Aug  8 16:38:26 master journal: #011at io.jenkins.blueocean.ResourceC
>> acheControl.doFilter(ResourceCacheControl.java:134)
>> Aug  8 16:38:26 master journal: #011at hudson.util.PluginServletFilte
>> r$1.doFilter(PluginServletFilter.java:132)
>> Aug  8 16:38:26 master journal: #011at jenkins.metrics.impl.MetricsFi
>> lter.doFilter(MetricsFilter.java:125)
>> Aug  8 16:38:26 master journal: #011at hudson.util.PluginServletFilte
>> r$1.doFilter(PluginServletFilter.java:132)
>> Aug  8 16:38:26 master journal: #011at hudson.util.PluginServletFilte
>> r.doFilter(PluginServletFilter.java:126)
>> Aug  8 16:38:26 master journal: #011at org.eclipse.jetty.servlet.Serv
>> letHandler$CachedChain.doFilter(ServletHandler.java:1652)
>> Aug  8 16:38:26 master journal: #011at hudson.security.csrf.CrumbFilt
>> er.doFilter(CrumbFilter.java:49)
>> Aug  8 16:38:26 master journal: #011at org.eclipse.jetty.servlet.Serv
>> letHandler$CachedChain.doFilter(ServletHandler.java:1652)
>> Aug  8 16:38:26 master journal: #011at hudson.security.ChainedServlet
>> Filter$1.doFilter(ChainedServletFilter.java:84)
>> Aug  8 16:38:26 master journal: #011at hudson.security.UnwrapSecurity
>> ExceptionFilter.doFilter(UnwrapSecurityExceptionFilter.java:51)
>> Aug  8 16:38:26 master journal: #011at hudson.security.ChainedServlet
>> Filter$1.doFilter(ChainedServletFilter.java:87)
>> Aug  8 16:38:26 master journal: #011at jenkins.security.ExceptionTran
>> slationFilter.doFilter(ExceptionTranslationFilter.java:117)
>> Aug  8 16:38:26 master journal: #011at hudson.security.ChainedServlet
>> Filter$1.doFilter(ChainedServletFilter.java:87)
>> Aug  8 16:38:26 master journal: #011at org.acegisecurity.providers.an
>> onymous.AnonymousProcessingFilter.doFilter(AnonymousProcessi
>> ngFilter.java:125)
>> Aug  8 16:38:26 master journal: #011at hudson.security.ChainedServlet
>> Filter$1.doFilter(ChainedServletFilter.java:87)
>> Aug  8 16:38:26 master journal: #011at org.acegisecurity.ui.rememberm
>> e.RememberMeProcessingFilter.doFilter(RememberMeProcessingFi
>> lter.java:135)
>> Aug  8 16:38:26 master journal: #011at hudson.security.ChainedServlet
>> Filter$1.doFilter(ChainedServletFilter.java:87)
>> Aug  8 16:38:26 master journal: #011at org.acegisecurity.ui.AbstractP
>> rocessingFilter.doFilter(AbstractProcessingFilter.java:271)
>> Aug  8 16:38:26 master journal: Aug 08, 2017 3:38:26 PM
>> org.openshift.jenkins.plugins.openshiftlogin.OpenShiftOAuth2SecurityRealm
>> populateDefaults
>> Aug  8 16:38:26 master journal: INFO: OpenShift OAuth returning false
>> with namespace ci SA dir null default /run/secrets/kubernetes.io/ser
>> viceaccount SA name null default null client ID
>>  null default null secret null default [LONG STRING HERE] redirect null
>> default null server null default https:
>> //openshift.default.svc
>> Aug  8 16:38:26 master journal: Aug 08, 2017 3:38:26 PM
>> org.openshift.jenkins.plugins.openshiftlogin.OpenShiftOAuth2SecurityRealm
>> populateDefaults
>> Aug  8 16:38:26 master journal: INFO: populateDefaults
>> Aug  8 16:38:26 master journal: java.net.UnknownHostException:
>> openshift.default.svc
>> Aug  8 16:38:26 master journal: #011at java.net.AbstractPlainSocketIm
>> pl.connect(AbstractPlainSocketImpl.java:184)
>> Aug  8 16:38:26 master journal: #011at java.net.SocksSocketImpl.conne
>> ct(SocksSocketImpl.java:392)
>> Aug  8 16:38:26 master journal: #011at java.net.Socket.connect(Socket
>> .java:589)
>> Aug  8 16:38:26 master journal: #011at sun.security.ssl.SSLSocketImpl
>> .connect(SSLSocketImpl.java:673)
>> Aug  8 16:38:26 master journal: #011at sun.net.NetworkClient.doConnec
>> t(NetworkClient.java:175)
>> Aug  8 16:38:26 master journal: #011at sun.net.www.http.HttpClient.op
>> enServer(HttpClient.java:463)
>> Aug  8 16:38:26 master journal: #011at sun.net.www.http.HttpClient.op
>> enServer(HttpClient.java:558)
>> Aug  8 16:38:26 master journal: #011at sun.net.www.protocol.https.Htt
>> psClient.<init>(HttpsClient.java:264)
>> Aug  8 16:38:26 master journal: #011at sun.net.www.protocol.https.Htt
>> psClient.New(HttpsClient.java:367)
>> Aug  8 16:38:26 master journal: #011at sun.net.www.protocol.https.Abs
>> tractDelegateHttpsURLConnection.getNewHttpClient(AbstractDel
>> egateHttpsURLConnection.java:191)
>> Aug  8 16:38:26 master journal: #011at sun.net.www.protocol.http.Http
>> URLConnection.plainConnect0(HttpURLConnection.java:1138)
>> Aug  8 16:38:26 master journal: #011at sun.net.www.protocol.http.Http
>> URLConnection.plainConnect(HttpURLConnection.java:1032)
>> Aug  8 16:38:26 master journal: #011at sun.net.www.protocol.https.Abs
>> tractDelegateHttpsURLConnection.connect(AbstractDelegateHttp
>> sURLConnection.java:177)
>> Aug  8 16:38:26 master journal: #011at sun.net.www.protocol.https.Htt
>> psURLConnectionImpl.connect(HttpsURLConnectionImpl.java:153)
>> Aug  8 16:38:26 master journal: #011at com.google.api.client.http.jav
>> anet.NetHttpRequest.execute(NetHttpRequest.java:93)
>> Aug  8 16:38:26 master journal: #011at com.google.api.client.http.Htt
>> pRequest.execute(HttpRequest.java:972)
>> Aug  8 16:38:26 master journal: #011at org.openshift.jenkins.plugins.
>> openshiftlogin.OpenShiftOAuth2SecurityRealm.getOpenShiftUser
>> Info(OpenShiftOAuth2SecurityRealm.java:489)
>> Aug  8 16:38:26 master journal: #011at org.openshift.jenkins.plugins.
>> openshiftlogin.OpenShiftOAuth2SecurityRealm.populateDefaults
>> (OpenShiftOAuth2SecurityRealm.java:337)
>> Aug  8 16:38:26 master journal: #011at org.openshift.jenkins.plugins.
>> openshiftlogin.OpenShiftSetOAuth.setOauth(OpenShiftSetOAuth.java:73)
>> Aug  8 16:38:26 master journal: #011at org.openshift.jenkins.plugins.
>> openshiftlogin.OpenShiftPermissionFilter.doFilter(OpenShiftP
>> ermissionFilter.java:106)
>> Aug  8 16:38:26 master journal: #011at hudson.util.PluginServletFilte
>> r$1.doFilter(PluginServletFilter.java:132)
>> Aug  8 16:38:26 master journal: #011at org.jenkinsci.plugins.ssegatew
>> ay.Endpoint$SSEListenChannelFilter.doFilter(Endpoint.java:225)
>> Aug  8 16:38:26 master journal: #011at hudson.util.PluginServletFilte
>> r$1.doFilter(PluginServletFilter.java:132)
>> Aug  8 16:38:26 master journal: #011at com.cloudbees.jenkins.support.
>> slowrequest.SlowRequestFilter.doFilter(SlowRequestFilter.java:38)
>> Aug  8 16:38:26 master journal: #011at hudson.util.PluginServletFilte
>> r$1.doFilter(PluginServletFilter.java:132)
>> Aug  8 16:38:26 master journal: #011at io.jenkins.blueocean.ResourceC
>> acheControl.doFilter(ResourceCacheControl.java:134)
>> Aug  8 16:38:26 master journal: #011at hudson.util.PluginServletFilte
>> r$1.doFilter(PluginServletFilter.java:132)
>> Aug  8 16:38:26 master journal: #011at jenkins.metrics.impl.MetricsFi
>> lter.doFilter(MetricsFilter.java:125)
>> Aug  8 16:38:26 master journal: #011at hudson.util.PluginServletFilte
>> r$1.doFilter(PluginServletFilter.java:132)
>> Aug  8 16:38:26 master journal: #011at hudson.util.PluginServletFilte
>> r.doFilter(PluginServletFilter.java:126)
>> Aug  8 16:38:26 master journal: #011at org.eclipse.jetty.servlet.Serv
>> letHandler$CachedChain.doFilter(ServletHandler.java:1652)
>> Aug  8 16:38:26 master journal: #011at hudson.security.csrf.CrumbFilt
>> er.doFilter(CrumbFilter.java:49)
>> Aug  8 16:38:26 master journal: #011at org.eclipse.jetty.servlet.Serv
>> letHandler$CachedChain.doFilter(ServletHandler.java:1652)
>> Aug  8 16:38:26 master journal: #011at hudson.security.ChainedServlet
>> Filter$1.doFilter(ChainedServletFilter.java:84)
>> Aug  8 16:38:26 master journal: #011at hudson.security.UnwrapSecurity
>> ExceptionFilter.doFilter(UnwrapSecurityExceptionFilter.java:51)
>> Aug  8 16:38:26 master journal: #011at hudson.security.ChainedServlet
>> Filter$1.doFilter(ChainedServletFilter.java:87)
>> Aug  8 16:38:26 master journal: #011at jenkins.security.ExceptionTran
>> slationFilter.doFilter(ExceptionTranslationFilter.java:117)
>> Aug  8 16:38:26 master journal: #011at hudson.security.ChainedServlet
>> Filter$1.doFilter(ChainedServletFilter.java:87)
>> Aug  8 16:38:26 master journal: #011at org.acegisecurity.providers.an
>> onymous.AnonymousProcessingFilter.doFilter(AnonymousProcessi
>> ngFilter.java:125)
>> Aug  8 16:38:26 master journal: #011at hudson.security.ChainedServlet
>> Filter$1.doFilter(ChainedServletFilter.java:87)
>> Aug  8 16:38:26 master journal: #011at org.acegisecurity.ui.rememberm
>> e.RememberMeProcessingFilter.doFilter(RememberMeProcessingFi
>> lter.java:135)
>> Aug  8 16:38:26 master journal: #011at hudson.security.ChainedServlet
>> Filter$1.doFilter(ChainedServletFilter.java:87)
>> Aug  8 16:38:26 master journal: #011at org.acegisecurity.ui.AbstractP
>> rocessingFilter.doFilter(AbstractProcessingFilter.java:271)
>> Aug  8 16:38:26 master journal: #011at hudson.security.ChainedServlet
>> Filter$1.doFilter(ChainedServletFilter.java:87)
>> Aug  8 16:38:26 master journal: #011at jenkins.security.BasicHeaderPr
>> ocessor.doFilter(BasicHeaderProcessor.java:93)
>> Aug  8 16:38:26 master journal: #011at hudson.security.ChainedServlet
>> Filter$1.doFilter(ChainedServletFilter.java:87)
>> Aug  8 16:38:26 master journal: #011at org.acegisecurity.context.Http
>> SessionContextIntegrationFilter.doFilter(HttpSessionContextI
>> ntegrationFilter.java:249)
>> Aug  8 16:38:26 master journal: #011at hudson.security.HttpSessionCon
>> textIntegrationFilter2.doFilter(HttpSessionContextInt
>> egrationFilter2.java:67)
>> Aug  8 16:38:26 master journal: #011at hudson.security.ChainedServlet
>> Filter$1.doFilter(ChainedServletFilter.java:87)
>> Aug  8 16:38:26 master journal: #011at hudson.security.ChainedServlet
>> Filter.doFilter(ChainedServletFilter.java:76)
>> Aug  8 16:38:26 master journal: #011at hudson.security.HudsonFilter.d
>> oFilter(HudsonFilter.java:171)
>> Aug  8 16:38:26 master journal: #011at org.eclipse.jetty.servlet.Serv
>> letHandler$CachedChain.doFilter(ServletHandler.java:1652)
>> Aug  8 16:38:26 master journal: #011at org.kohsuke.stapler.compressio
>> n.CompressionFilter.doFilter(CompressionFilter.java:49)
>> Aug  8 16:38:26 master journal: #011at org.eclipse.jetty.servlet.Serv
>> letHandler$CachedChain.doFilter(ServletHandler.java:1652)
>> Aug  8 16:38:26 master journal: #011at hudson.util.CharacterEncodingF
>> ilter.doFilter(CharacterEncodingFilter.java:82)
>> Aug  8 16:38:26 master journal: #011at org.eclipse.jetty.servlet.Serv
>> letHandler$CachedChain.doFilter(ServletHandler.java:1652)
>> Aug  8 16:38:26 master journal: #011at org.kohsuke.stapler.Diagnostic
>> ThreadNameFilter.doFilter(DiagnosticThreadNameFilter.java:30)
>> Aug  8 16:38:26 master journal: #011at org.eclipse.jetty.servlet.Serv
>> letHandler$CachedChain.doFilter(ServletHandler.java:1652)
>> Aug  8 16:38:26 master journal: #011at org.eclipse.jetty.servlet.Serv
>> letHandler.doHandle(ServletHandler.java:585)
>> Aug  8 16:38:26 master journal: #011at org.eclipse.jetty.server.handl
>> er.ScopedHandler.handle(ScopedHandler.java:143)
>> Aug  8 16:38:26 master journal: #011at org.eclipse.jetty.security.Sec
>> urityHandler.handle(SecurityHandler.java:553)
>> Aug  8 16:38:26 master journal: #011at org.eclipse.jetty.server.sessi
>> on.SessionHandler.doHandle(SessionHandler.java:223)
>> Aug  8 16:38:26 master journal: #011at org.eclipse.jetty.server.handl
>> er.ContextHandler.doHandle(ContextHandler.java:1127)
>> Aug  8 16:38:26 master journal: #011at org.eclipse.jetty.servlet.Serv
>> letHandler.doScope(ServletHandler.java:515)
>> Aug  8 16:38:26 master journal: #011at org.eclipse.jetty.server.sessi
>> on.SessionHandler.doScope(SessionHandler.java:185)
>> Aug  8 16:38:26 master journal: #011at org.eclipse.jetty.server.handl
>> er.ContextHandler.doScope(ContextHandler.java:1061)
>> Aug  8 16:38:26 master journal: #011at org.eclipse.jetty.server.handl
>> er.ScopedHandler.handle(ScopedHandler.java:141)
>> Aug  8 16:38:26 master journal: #011at org.eclipse.jetty.server.handl
>> er.HandlerWrapper.handle(HandlerWrapper.java:97)
>> Aug  8 16:38:26 master journal: #011at org.eclipse.jetty.server.Serve
>> r.handle(Server.java:499)
>> Aug  8 16:38:26 master journal: #011at org.eclipse.jetty.server.HttpC
>> hannel.handle(HttpChannel.java:311)
>> Aug  8 16:38:26 master journal: #011at org.eclipse.jetty.server.HttpC
>> onnection.onFillable(HttpConnection.java:257)
>> Aug  8 16:38:26 master journal: #011at org.eclipse.jetty.io.AbstractC
>> onnection$2.run(AbstractConnection.java:544)
>> Aug  8 16:38:26 master journal: #011at winstone.BoundedExecutorServic
>> e$1.run(BoundedExecutorService.java:77)
>> Aug  8 16:38:26 master journal: #011at java.util.concurrent.ThreadPoo
>> lExecutor.runWorker(ThreadPoolExecutor.java:1142)
>> Aug  8 16:38:26 master journal: #011at java.util.concurrent.ThreadPoo
>> lExecutor$Worker.run(ThreadPoolExecutor.java:617)
>> Aug  8 16:38:26 master journal: #011at java.lang.Thread.run(Thread.ja
>> va:748)
>> Aug  8 16:38:26 master journal:
>> Aug  8 16:38:26 master journal: Aug 08, 2017 3:38:26 PM
>> org.openshift.jenkins.plugins.openshiftlogin.OpenShiftOAuth2SecurityRealm
>> populateDefaults
>> Aug  8 16:38:26 master journal: INFO: OpenShift OAuth returning false
>> with namespace ci SA dir null default /run/secrets/kubernetes.io/ser
>> viceaccount SA name null default null client ID null default null secret
>> null default [LONG STRING HERE] redirect null default null server null
>> default https://openshift.default.svc
>> Aug  8 16:38:26 master journal: Aug 08, 2017 3:38:26 PM
>> org.openshift.jenkins.plugins.openshiftlogin.OpenShiftSetOAuth setOauth
>> Aug  8 16:38:26 master journal: INFO: OpenShift OAuth: running in
>> OpenShift pod with required OAuth features: false
>>
>>
>> # oc version
>> oc v1.5.1
>> kubernetes v1.5.2+43a9be4
>> features: Basic-Auth GSSAPI Kerberos SPNEGO
>>
>>
>> I think I will just come back to version 3.2 and 3.3 as I didn't have any
>> issues with any of these versions... since version 3.4 I just constantly
>> run into more and more issues :/.
>>
>
> To run with the openshift jenkins oauth integration (i.e. our "login"
> plugin) with the openshift oauth server running in an openshift master, if
> you run with a pre-3.4 master, you have to manually
> configure the plugin in the jenkins image to talk with the oauth server,
> and you had to manually add the jenkins service to the oauth whitelist on
> the master.
>
> From what I'm gathering here you did not previously do that.
>
> With a master at 3.4 or beyond, aside from not having the configure the
> login plugin out of the box if jenkins is running in an openshift pod, the
> templates we shipped for jenkins
> in 3.4 and beyond leverage a new annotation provided by to the oauth
> server that allows the bypassing of the manual whitelist update.
>
> Based on the pod logs you posted, either a) your jenkins image is not
> running in an openshift pod, b) it was a pod instantiated with a pre-3.4
> template, or c) you are running
> against a pre-3.4 openshift master.  Because of that, we cannot
> autoconfigure the oauth integration and fall back to the default jenkins
> authentication.
>
>
>> Thank you for your help.
>>
>>
>> On 8 August 2017 at 16:35, Ben Parees <bpar...@redhat.com> wrote:
>>
>>>
>>>
>>> On Tue, Aug 8, 2017 at 10:52 AM, Thorvald Hallvardsson <
>>> thorvald.hallvards...@gmail.com> wrote:
>>>
>>>> Hi,
>>>>
>>>> I'm trying to run jenkins on OpenShift to integrate it nicely with
>>>> pipelines and OAUTH. I have done that in the past and it was all working
>>>> but I'm trying to reproduce what I used to do before and it simply doesn't
>>>> work. I don't know why but from one version to another OpenShift is
>>>> becominbg more and more pain.
>>>>
>>>> I was following official blog article https://blog.openshift
>>>> .com/openshift-pipelines-jenkins-blue-ocean/ which used to work
>>>> however jenkins changed something now and that build simply doesn't work
>>>> anymore:
>>>> Cloning "https://github.com/siamaksade/jenkins-blueocean.git"; ...
>>>> WARNING: timed out waiting for git server, will wait 1m4s
>>>> Commit: 70cff8557908b592d291e6ea0b3a018069b61324 (updated README)
>>>> Author: Siamak Sadeghianfar <ssade...@redhat.com>
>>>> Date: Thu Apr 6 18:48:41 2017 +0700
>>>> ---> Copying repository files ...
>>>> ---> Installing Jenkins 0 plugins using /opt/openshift/plugins.txt ...
>>>> Creating initial locks...
>>>> Locking blueocean:1.0.0
>>>> Analyzing war...
>>>> Downloading plugins...
>>>> Downloading plugin: blueocean from https://updates.jenkins-ci.org
>>>> /download/plugins/blueocean/1.0.0/blueocean.hpi
>>>> Downloading plugin: blueocean-plugin from
>>>> https://updates.jenkins-ci.org/download/plugins/blueocean-pl
>>>> ugin/1.0.0/blueocean-plugin.hpi
>>>> Failed to download plugin: blueocean or blueocean-plugin
>>>> Failed to install plugins.
>>>> error: build error: non-zero (13) exit code from
>>>> openshift/jenkins-2-centos7@sha256:ad29fc43c3f9015a0fdbb3f3b
>>>> a366ff511303f7f3a0bbb1bc4652ecf70eb3712
>>>>
>>>> Simply because second link drops 404... blueocean-plugin.hpi doesn't
>>>> exist anymore.
>>>>
>>>
>>> Sounds like some stuff has bit-rotted in that blog, CCing Siamak in case
>>> he has time to update it.
>>>
>>> But note that we do already install blue ocean in our jenkins centos
>>> image and we'll be adding it to our rhel image most likely in 3.7.
>>>
>>>
>>>
>>>>
>>>>
>>>> I decided OK... I don't need blueocean so I will just go for standard
>>>> Jenkins from OpenShift templates. That did install successfuly but when I
>>>> click on the link it asks for username and password (on Jenkins screen) so
>>>> simply OAUTH doesn't work at all.
>>>>
>>>> The pod has
>>>> # oc exec jenkins-1-28l8x env |grep -i auth
>>>> OPENSHIFT_ENABLE_OAUTH=true
>>>>
>>>> it is running but ... yeah how do I integrate it with my pipelines? Any
>>>> ideas?
>>>>
>>>
>>> Gabe and Mo (on CC) have added some debug for oauth flow failures, what
>>> version of openshift are you running and can you provide openshift master
>>> logs and jenkins pod logs?
>>>
>>>
>>>
>>>
>>>>
>>>> Thanks!
>>>>
>>>> _______________________________________________
>>>> users mailing list
>>>> users@lists.openshift.redhat.com
>>>> http://lists.openshift.redhat.com/openshiftmm/listinfo/users
>>>>
>>>>
>>>
>>>
>>> --
>>> Ben Parees | OpenShift
>>>
>>>
>>
>
_______________________________________________
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users

Reply via email to