-
-
Notifications
You must be signed in to change notification settings - Fork 8.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[JENKINS-26580] Activate JNLP3 support #2010
Conversation
This way, the inner-working of the protocol can be kept private within the remoting module, which increases a modularity.
Given that there's only one caller, I think handling AbstractMethodError is better than doing the compatibility method ping pong
Conflicts: core/src/main/java/jenkins/slaves/JnlpAgentReceiver.java pom.xml
cc @akshayabd @oleg-nenashev @jglick Merging this requires a corresponding remoting release |
@@ -55,7 +57,16 @@ | |||
* @throws Exception | |||
* Any exception thrown from this method will fatally terminate the connection. | |||
*/ | |||
public abstract boolean handle(String name, JnlpSlaveHandshake handshake) throws IOException, InterruptedException; | |||
public abstract boolean handle(String name, JnlpServerHandshake handshake) throws IOException, InterruptedException; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It still breaks the binary compatibility, because external classes won't implement the new abstract method. Maybe NIT in the case of remoting
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
BTW the invocation below catches the AbstractMethodError
LGTM in general. |
* @deprecated | ||
* Use {@link #handle(String, JnlpServerHandshake)} | ||
*/ | ||
public boolean handle(String name, JnlpSlaveHandshake handshake) throws IOException, InterruptedException { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Missing @Deprecated
- given the javadoc.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
One or the other is sufficient.
My plane is about to leave so I can't check this now but does this code correctly call ChannelConfigurator |
if (recv.handle(nodeName,this)) | ||
return; | ||
} catch (AbstractMethodError e) { | ||
if (recv.handle(nodeName,new JnlpSlaveHandshake(this))) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks alarming. Why not just retain the original method signature, deprecate it, and delegate?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This was much shorter than the ping-pong and loop detection, plus it has the benefit of abstract method clearly marked as such.
The fix of SECURITY-206 includes an assertion in |
You need to |
Wow, Jesse predicted the exact test case that fails!! |
* @author Akshay Dayal | ||
* @since 1.XXX | ||
*/ | ||
@Extension |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Initial manual testing looks good - the JNLP node connects with JNLP3 protocol and I can build a project on the node.
I think more stress testing needs to be done before JNLP3 is made the default protocol. In this initial release JNLP3 should only be available if the user explicitly asks for it. There are 3 approaches:
Master-side control
1. Making master support JNLP3 through a flag
2. Making master support JNLP3 through UI option
Node-side control
3. Making node try JNLP3 first using flag
Option 1 can be done in "easy" ways I suppose, this class can check for a boolean system property, if its not set fail and let JNLP2 take over.
Option 2 is a lot of work and I would not favor it.
Option 3 is easy, but requires some extra work for users starting up nodes with JNLP3.
I'm ok with either option 1 or 3, prefer 1 slightly since I like controlling the behavior from the master side, not the node.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
OK, I'll ease this in by making this feature optional in the beginning for a while.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm going to spend some time dusting out the stress-test suites that we used before and run them for JNLP3. Will probably have to modify them a bit to have significant "work" being done for each build instead of just "sleep 5". Will let you know when I'm done.
JNLP3 is activated now for 10% of users. Let's keep it like this for a while and if no major issue occurs we should expose it to everyone.
Conflicts: pom.xml
I discovered that the protocol doesn't gracefully handle a server that doesn't understand the protocol. Needs further tweak in remoting. |
Can somebody help me understand why the PR validation build doesn't pick up http://repo.jenkins-ci.org/snapshots/org/jenkins-ci/main/remoting/2.56-SNAPSHOT/ ? |
FWIW locally it passes all the tests. |
@kohsuke https://repository-jenkins.forge.cloudbees.com/snapshot/org/jenkins-ci/main/remoting/ there is no 2.56-SNAPSHOT version here ....
|
@aheritier see the link I provided above, which is the official snapshot repo for the Jenkins project. Sounds like the issue is that we are not configuring our POMs to refer to that snapshot repository, though it makes me wonder how others have been doing this. |
@kohsuke https://repository-jenkins.forge.cloudbees.com/snapshot/org/jenkins-ci/main/remoting/ is where the build is looking for snapshots instead of http://repo.jenkins-ci.org/snapshots/org/jenkins-ci/main/remoting I agree that the snapshot repo http://repo.jenkins-ci.org/snapshots/org/jenkins-ci/main/remoting should be defined in the POM or in the maven settings For now it's not defined in any POM Thus I imagine that people using SNAPSHOTs are defining the repo in the maven settings used on CI |
The test failure is a fluke |
@kohsuke Great !! |
[FIXED JENKINS-26580] Activate JNLP3 support
Great to see this merged in - thanks @kohsuke! I always recommend caution, I still haven't done enough scale testing to see what sort of [CPU] performance requirements the Ciphers have. Is there a smaller Jenkins cluster you can test this on before activating it on the main https://jenkins.ci.cloudbees.com? |
Also, as I have pointed out, this is a non-NIO implementation and requires one reader thread per slave... I am working on a v4 protocol that uses a new SSLEngine aware NIOHub and hope to have that soon. The consideration of @kohsuke and I is that allowing some encryption of the channel at the cost of threads is more important than waiting while I battle with SSLEngine to deliver a v4 protocol Sent from my iPad
|
@stephenc Yes good catch, I had not considered the NIOHub issue. Performance-wise it would probably make a significant difference. |
[FIXED JENKINS-26580][FIXED JENKINS-28289] Activate JNLP3 support (cherry picked from commit 6d3e054)
This reverts commit af1a53d.
JENKINS-26580
Follow up to jenkinsci/remoting#69 to activate JNLP3 support on the server side