Considerations for Plugin Installs when using CasC for masters

Issue

  • I am using CasC for masters and require an HTTP Proxy to be configured to install plugins

  • I am using CasC for masters with a Plugin Catalog that uses specific URLs

  • CasC plugin installation fails with SNI:

    WARNING c.c.j.c.i.o.j.n.c.DefaultChannelFuture: An exception was thrown by ChannelFutureListener.
    java.net.ConnectException: HostnameVerifier exception
    
  • CasC plugin installation fails with a timeout when using a Proxy:

    SEVERE	c.c.j.c.i.ExtensionInstaller#logErrors: Errors on catalog install: [Expanding configuration -> view-job-filters -> Getting plugin ->  Downloading ->  Unable to download plugin from [https://jenkins-updates.cloudbees.com/download/plugins/view-job-filters/2.3/view-job-filters.hpi]. Connection timed out: jenkins-updates.cloudbees.com/1.2.3.4:443 to https://jenkins-updates.cloudbees.com/download/plugins/view-job-filters/2.3/view-job-filters.hpi]
    SEVERE	c.c.j.c.i.ExtensionInstaller#logErrors: Errors on catalog install: [Expanding configuration -> view-job-filters -> Getting plugin ->  Downloading ->  Unable to download plugin from [https://jenkins-updates.cloudbees.com/download/plugins/view-job-filters/2.3/view-job-filters.hpi]. No response received after 60000]
    
  • CasC plugin installation fails because of redirections:

    Errors on catalog install: [Expanding configuration -> view-job-filters -> Getting plugin -> Downloading -> Response from server was not 200 Successful: 302. ]
    

Environment

Related Issue(s)

  • FNDJEN-2186: Upgrade AsyncHttpClient Library (to support SNI)
  • FNDJEN-3066: Allow redirects for plugin downloading in Installation Manager
  • FNDJEN-3070: Plugins from an https server with SNI certificates cannot be downloaded in Plugin Catalog through Installation Manager
  • FNDJEN-3187: Proxy reconfiguration for casc installation (fixed in 2.249.3.1)

Explanation

Configuration as Code (CasC) for Masters lets you optionally define:

  • a list of plugins that should be installed for a master via plugins.yaml
  • a catalog of plugins available to the master for installation via plugin-catalog.yaml

These features, however, are affected by known issues:

  • using the Jenkins HTTP Proxy is not reliable, at least until version 2.249.3.1
  • the current HTTP client implementation does not support SNI
  • the current HTTP client implementation does not support redirections

The latter two issues make it impossible, for example, to download plugin versions from https://updates.jenkins.io.

Resolution

The fix for FNDJEN-3070 resolves all of these issues (redirection / SNI / Proxy) and is available since CloudBees CI 2.263.2.2.

The solution is to upgrade to 2.263.2.2 or later.

Workaround

HTTP Proxy

If an HTTP Proxy configuration is required, upgrade to version 2.249.3.3 or later.

Also make sure that the Jenkins HTTP Proxy configuration is added to jenkins.yaml. For example:

jenkins:
  proxy:
    name: "proxy.example.com"
    noProxyHost: |-
      *.svc.cluster.local
      no.proxy.example1.com
      no.proxy.example2.com
    port: 8080

Redirection

As a workaround, if an Update Site or Plugin Catalog URL causes a redirection, configure the final URL (the redirect target) instead.

SNI

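As a workaround, if an Update Site or Plugin Catalog URL requires SNI, use http instead of https. Plain http drops TLS server authentication and integrity protection for the downloaded plugin files, which the upgrade described under Resolution avoids.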

Other considerations
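
To tell which of the three failure modes above a controller is hitting, the log excerpts from the Issue section can be matched mechanically. The following is an added example, not CloudBees code: the function names, the rule table and the assumption that versions are purely numeric dotted strings are all illustrative, and the timeout-to-proxy association simply follows this article.

```python
import re

FIXED_IN = "2.263.2.2"          # from the article: release carrying the FNDJEN-3070 fix
PROXY_WORKAROUND = "2.249.3.3"  # from the article: minimum version for the proxy workaround

# (failure mode, pattern taken from the article's log excerpts, article's workaround)
RULES = [
    ("sni", re.compile(r"HostnameVerifier exception"),
     "use http instead of https for the Update Site / Plugin Catalog URL"),
    ("proxy", re.compile(r"Connection timed out|No response received after \d+"),
     f"upgrade to {PROXY_WORKAROUND} or later and declare jenkins.proxy in jenkins.yaml"),
    ("redirect", re.compile(r"Response from server was not 200 Successful: (3\d\d)"),
     "use the final URL in the Update Site / Plugin Catalog"),
]
URL_RE = re.compile(r"Unable to download plugin from \[(https?://[^\]\s]+)\]")

def version_tuple(version):
    """Assumption: versions are numeric dotted strings such as 2.249.3.1."""
    return tuple(int(part) for part in version.split("."))

def triage(line, running_version):
    """Classify one installer log line; return None if no known issue matches."""
    for mode, pattern, workaround in RULES:
        match = pattern.search(line)
        if match is None:
            continue
        url = URL_RE.search(line)
        return {
            "mode": mode,
            "url": url.group(1) if url else None,
            "status": int(match.group(1)) if mode == "redirect" else None,
            "workaround": workaround,
            # True when the running release predates the FNDJEN-3070 fix
            "fixed_by_upgrade": version_tuple(running_version) < version_tuple(FIXED_IN),
        }
    return None

# Log lines copied (abbreviated) from the Issue section of this article.
SAMPLE_LOG = [
    "java.net.ConnectException: HostnameVerifier exception",
    "SEVERE c.c.j.c.i.ExtensionInstaller#logErrors: Errors on catalog install: [Expanding configuration -> view-job-filters -> Getting plugin ->  Downloading ->  Unable to download plugin from [https://jenkins-updates.cloudbees.com/download/plugins/view-job-filters/2.3/view-job-filters.hpi]. No response received after 60000]",
    "Errors on catalog install: [Expanding configuration -> view-job-filters -> Getting plugin -> Downloading -> Response from server was not 200 Successful: 302. ]",
]

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        print(triage(entry, "2.249.3.1"))  # running version assumed for the demo
```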
