[JENKINS-41730] - Add option to ignore the X-Jenkins-Agent-Protocols header #146
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…header + improve diagnostics - [x] Add the `org.jenkinsci.remoting.engine.JnlpAgentEndpointResolver.ignoreJenkinsAgentProtocolsHeader` property, which disables the cache - [x] Print warning in the case if the list of supported protocols is empty - [x] Add documentation
|
🐛 if the server says do not try JNLP2 then do not try JNLP2 as there could be a MiM. Better to have the system property take the list of protocols rather than being a boolean That way for systems needing the assurance of JNLP4 they can keep that assurance |
|
@stephenc OK, will update. Though I feel it causes some fun with order of the protocols. It should be listed at least |
Just say it is the set of protocols to try. the order of protocol attempts is hard-coded |
…dpointResolver.protocolNamesToTry according to the feedback from @stephenc
daniel-beck
reviewed
Feb 7, 2017
|
|
||
| if (agentProtocolNames.isEmpty()) { | ||
| LOGGER.log(Level.WARNING, "Received the empty list of supported protocols from the server. " + | ||
| "All protocols are disabled on the master side OR the 'X-Jenkins-Agent-Protocols' header is corrupted (JENKINS-41730). " + |
There was a problem hiding this comment.
So the problem is that the header is set, but empty? Who the hell does that!?
Shouldn't this also apply to the case that the header isn't set, or do we handle that better anyway?
daniel-beck
approved these changes
Feb 7, 2017
| "to define the supported protocols."); | ||
| } | ||
|
|
||
| LOGGER.log(Level.INFO, "Remoting server accepts the following protocols: {0}", agentProtocolNames); |
There was a problem hiding this comment.
Should this not be in an else block?
There was a problem hiding this comment.
Were you going to address this?
|
@daniel-beck. "No header" is being already handled, because it is a valid
case when new agent connects to the master with old core version.
Regarding the header replacement, this is a HTTPS wrapper being used by one
of CB customers. Cannot say more here, but you can find the support ticket.
I have confirmed that my Nginx-powered HTTPS wrapper returns headers
correctly. So it is likely a configuration issue. But workaround is
reasonable in ang case IMHO (e.g. when a custom agent admin wants to
enforce JNLP4)
…On Feb 7, 2017 11:17 AM, "Daniel Beck" ***@***.***> wrote:
***@***.**** commented on this pull request.
------------------------------
In src/main/java/org/jenkinsci/remoting/engine/
JnlpAgentEndpointResolver.java
<#146 (review)>
:
> @@ -173,7 +184,31 @@ public JnlpAgentEndpoint resolve() throws IOException {
}
}
}
+
+ if (agentProtocolNames.isEmpty()) {
+ LOGGER.log(Level.WARNING, "Received the empty list of supported protocols from the server. " +
+ "All protocols are disabled on the master side OR the 'X-Jenkins-Agent-Protocols' header is corrupted (JENKINS-41730). " +
So the problem is that the header is set, but empty? Who the hell does
that!?
Shouldn't this also apply to the case that the header isn't set, or do we
handle that better anyway?
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
<#146 (review)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AC3IoNNlnri-XNeUuJPfo5RpSvKjh7L3ks5raESbgaJpZM4L3h2C>
.
|
Right, just wondered where we draw the line between what's reasonable to support, and what's just too crazy… |
|
@stephenc ping, wdyt? |
stephenc
reviewed
Feb 9, 2017
|
Yes, but there was no sense to fix it before the major blocker got solved |
|
May be a candidate for backporting |
|
I doubt we really want to backport it. |
stephenc
approved these changes
Feb 13, 2017
daniel-beck
approved these changes
Feb 13, 2017
|
@reviewbybees done |
oleg-nenashev
added a commit
that referenced
this pull request
Feb 16, 2017
oleg-nenashev
added a commit
to oleg-nenashev/jenkins
that referenced
this pull request
Feb 17, 2017
https://github.com/jenkinsci/remoting/edit/master/CHANGELOG.md Fixed issues: * [JENKINS-40710](https://issues.jenkins-ci.org/browse/JENKINS-40710) - Match headers case-insensitively in `JnlpAgentEndpointResolver` in order to be compliant with HTTP2 lower-case headers. ([PR jenkinsci#139](jenkinsci/remoting#139), [PR jenkinsci#140](jenkinsci/remoting#140)) * [JENKINS-41513](https://issues.jenkins-ci.org/browse/JENKINS-41513) - Prevent `NullPointerException` in `JnlpAgentEndpointResolver` when receiving a header with `null` name. ([PR jenkinsci#140](jenkinsci/remoting#140)) * [JENKINS-41852](https://issues.jenkins-ci.org/browse/JENKINS-41852) - Fix exported object pinning logic to prevent release due to the integer overflow. ([PR jenkinsci#148](jenkinsci/remoting#148)) Improvements: * [JENKINS-41730](https://issues.jenkins-ci.org/browse/JENKINS-41730) - Add the new `org.jenkinsci.remoting.engine.JnlpAgentEndpointResolver.ignoreJenkinsAgentProtocolsHeader` property, which allows specifying a custom list of supported protocols instead of the one returned by the Jenkins master. ([PR jenkinsci#146](jenkinsci/remoting#146)) * Print the Filesystem Jar Cache directory location in the error message when this cache directory is not writable. ([PR jenkinsci#143](jenkinsci/remoting#143)) * Replace `MimicException` with the older `ProxyException` when serializing non-serializable exceptions thrown by the remote code. ([PR jenkinsci#141](jenkinsci/remoting#141)) * Use OID of the `ClassLoaderProxy` in error message when the proxy cannot be located in the export table. ([PR jenkinsci#147](jenkinsci/remoting#147))
olivergondza
pushed a commit
to jenkinsci/jenkins
that referenced
this pull request
Mar 13, 2017
https://github.com/jenkinsci/remoting/edit/master/CHANGELOG.md Fixed issues: * [JENKINS-40710](https://issues.jenkins-ci.org/browse/JENKINS-40710) - Match headers case-insensitively in `JnlpAgentEndpointResolver` in order to be compliant with HTTP2 lower-case headers. ([PR #139](jenkinsci/remoting#139), [PR #140](jenkinsci/remoting#140)) * [JENKINS-41513](https://issues.jenkins-ci.org/browse/JENKINS-41513) - Prevent `NullPointerException` in `JnlpAgentEndpointResolver` when receiving a header with `null` name. ([PR #140](jenkinsci/remoting#140)) * [JENKINS-41852](https://issues.jenkins-ci.org/browse/JENKINS-41852) - Fix exported object pinning logic to prevent release due to the integer overflow. ([PR #148](jenkinsci/remoting#148)) Improvements: * [JENKINS-41730](https://issues.jenkins-ci.org/browse/JENKINS-41730) - Add the new `org.jenkinsci.remoting.engine.JnlpAgentEndpointResolver.ignoreJenkinsAgentProtocolsHeader` property, which allows specifying a custom list of supported protocols instead of the one returned by the Jenkins master. ([PR #146](jenkinsci/remoting#146)) * Print the Filesystem Jar Cache directory location in the error message when this cache directory is not writable. ([PR #143](jenkinsci/remoting#143)) * Replace `MimicException` with the older `ProxyException` when serializing non-serializable exceptions thrown by the remote code. ([PR #141](jenkinsci/remoting#141)) * Use OID of the `ClassLoaderProxy` in error message when the proxy cannot be located in the export table. ([PR #147](jenkinsci/remoting#147)) (cherry picked from commit 815da8a)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
In particular cases the
X-Jenkins-Agent-Protocolsresponse header may change (e.g. due to the improperly configured proxy). This change adds diagnostics for such case and also adds a system property, which allows working around the issue by sacrificing the performance.org.jenkinsci.remoting.engine.JnlpAgentEndpointResolver.ignoreJenkinsAgentProtocolsHeaderproperty, which disables the cachehttps://issues.jenkins-ci.org/browse/JENKINS-41730
@reviewbybees, esp. @stephenc