Issue

• I am using CasC for controllers and requires HTTP Proxy configured to install plugins

• I am using CasC for controllers and using Plugin Catalog with specific URLs

• CasC plugin installation fails with SNI:

  WARNING c.c.j.c.i.o.j.n.c.DefaultChannelFuture: An exception was thrown by ChannelFutureListener.
  java.net.ConnectException: HostnameVerifier exception
  

• CasC plugin installation fails with a timeout when using a Proxy:

  SEVERE	c.c.j.c.i.ExtensionInstaller#logErrors: Errors on catalog install: [Expanding configuration -> view-job-filters -> Getting plugin ->  Downloading ->  Unable to download plugin from [https://jenkins-updates.cloudbees.com/download/plugins/view-job-filters/2.3/view-job-filters.hpi]. Connection timed out: jenkins-updates.cloudbees.com/1.2.3.4:443 to https://jenkins-updates.cloudbees.com/download/plugins/view-job-filters/2.3/view-job-filters.hpi]
  SEVERE	c.c.j.c.i.ExtensionInstaller#logErrors: Errors on catalog install: [Expanding configuration -> view-job-filters -> Getting plugin ->  Downloading ->  Unable to download plugin from [https://jenkins-updates.cloudbees.com/download/plugins/view-job-filters/2.3/view-job-filters.hpi]. No response received after 60000]
  

• CasC plugin installation fails because of redirections:

  Errors on catalog install: [Expanding configuration -> view-job-filters -> Getting plugin -> Downloading -> Response from server was not 200 Successful: 302. ]
  

Environment

• CloudBees CI (CloudBees Core) on modern cloud platforms - Managed controller < 2.263.2.2
• CloudBees CI (CloudBees Core) on traditional platforms - Client controller < 2.263.2.2
• CloudBees Jenkins Platform - Client controller < 2.263.2.2
• Configuration as Code (CasC) for Controllers

Related Issue(s)

• FNDJEN-2186: Upgrade AsyncHttpClient Library (to support SNI)
• FNDJEN-3066: Allow redirects for plugin downloading in Installation Manager
• FNDJEN-3070: Plugins from an https server with SNI certificates cannot be downloaded in Plugin Catalog through Installation Manager
• FNDJEN-3187: Proxy reconfiguration for casc installation (fixed in 2.249.3.1)

Explanation

Configuration as Code (CasC) for controllers allows to optionally define:

• a list of plugins that should be installed for a controller via plugins.yaml
• a catalog of plugins available to the controller for installation via plugin-catalog.yaml

Those features however are impacted by known issues:

• using the Jenkins HTTP Proxy is not reliable, at least until version 2.249.3.1
• the current HTTP client implementation does not support SNI
• the current HTTP client implementation does not support redirections

The 2 latter examples make it impossible for example to download plugin versions from https://updates.jenkins.io.

Resolution

The fix for FNDJEN-3070 fixes all issues (redirection / SNI / Proxy) and is available since CloudBees CI 2.263.2.2.

The solution is to upgrade to 2.263.2.2 or later.

Workaround

HTTP Proxy

If an HTTP Proxy configuration is required, upgrade to version 2.249.3.3 or later.

Also make sure that the Jenkins HTTP Proxy configuration is added to the jenkins.yaml. For example:

jenkins:
  proxy:
    name: "proxy.example.com"
    noProxyHost: |-
      *.svc.cluster.local
      no.proxy.example1.com
      no.proxy.example2.com
    port: 8080

Redirection

As a workaround, if using an Update Site or Plugin Catalog URLs that cause redirections, use the final URL.

SNI

As a workaround, if using an Update Site or Plugin Catalog URLs that require SNI, use http instead of https.

Other considerations

• Plugin Catalog limitations in CasC