Problems launching the slave agent via Java Web Start on Jenkins

17
votes

We have recently upgraded Jenkins to the latest verion.

and since then ive not been able to launch the slaves via Java WebStart through the command line everytime I try to launch it I get "Unable to Launch the application" error

with this in the details panel

CouldNotLoadArgumentException[ Could not load file/URL specified: http://MyServer:8080/computer/Slave1/slave-agent.jnlp]
    at com.sun.javaws.Main.launchApp(Unknown Source)
    at com.sun.javaws.Main.continueInSecureThread(Unknown Source)
    at com.sun.javaws.Main.access$000(Unknown Source)
    at com.sun.javaws.Main$1.run(Unknown Source)
    at java.lang.Thread.run(Unknown Source)

When try browsing to the Jenkins site and lunching it from there IT WORKS however if you then restart the box then the command line on the start up fails to do the job.

This is the command I am trying to run from the slave 

cd "C:\Program Files (x86)\Java\jre7\bin"
javaws http://MyServer:8080/computer/Slave1/slave-agent.jnlp

The problem is that this used to work. I have also tried updating to the latest version of Java but no luck,

Any Idea anyone?

4
javajenkinsjava-web-start
What happens when you try that link direct from a browser? What is the content of the JNLP file?Andrew Thompson
The "launch" button works from the browser on that particular slave but not through the command lineAltF4_
does wget (or equivalent) work for that url?radai

4 Answers

17
votes

Supposedly, due in most part to posts on the Jenkins forums, this new behavior is due to a fix for a security issue: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-01-04

Two solutions seem to be coming up:

  1. Download the JNLP file (via browser, wget, curl, whatever) then run locally - may require extra parameters.
  2. Go to Manage Jenkins -> Configure Global Security, and under Project-based Matrix Authorization Strategy, enable “connect” in the “slave” section, for user “Anonymous”. This would leave you open to attack where someone emulates a slave (but in my case, on a private work network - that's not an issue.)
9
votes

If you want to leave the JNLP file on the master, and you don't want to open the security hole for Anonymous users to connect as a slave, edit the jenkins-slave.xml file to add the -jnlpCredentials option along with the -jnlpUrl option:

-jnlpCredentials {user}:{apiKey}

where:
user is the username in Jenkins' account database
apiKey is the user's API key (note this is NOT the user's password)

To get the API key for the user, go into:

http://SERVER/user/USER/configure

and click the button to show that user's API key.

1
votes

For me, I had to make sure I had the "anonymous" connect set in jenkins matrix permissions AND I had to hack the JNLP file that is sent down from master.

I would say this is bug in Jenkins in 2.19.2. Basically, in the JNLP file that is pulled down from the server the tunneling argument that contains the master's ip and port gets replaced with the slave ip-addr only.

See the code for the engine.java, [line #308] which is where the exception is thrown from:

https://searchcode.com/codesearch/view/65603521/

Exception looks like: enter image description here

Originally my JNLP file looked like:

<jnlp codebase="http://jenkins-master-ip-addr:8080/computer/Node1/" spec="1.0+">
<information>
    <title>Agent for Node1</title>
    <vendor>Jenkins project</vendor>
    <homepage href="https://jenkins-ci.org/"/>
</information>
<security>
    <all-permissions/>
</security>
<resources>
    <j2se version="1.7+"/>
    <jar href="http://jenkins-master-ip-addr:8080/jnlpJars/remoting.jar"/>
    <property name="hudson.showWindowsServiceInstallLink" value="true"/>
</resources>
<application-desc main-class="hudson.remoting.jnlp.Main">

    <argument>b16fdf4388d98e4be6910218cfb5a9b5fa999bcd8dec90264e525171a3b02fce</argument>
    <argument>Node1</argument>

    <argument>-tunnel</argument>
    <argument>jenkins-slave-ip-addr</argument>

    <argument>-url</argument>
    <argument>http://jenkins-master-ip-addr:8080/</argument>

</application-desc>

The problem is the "-tunnel" arg above. It contains the SLAVE machine's ip-addr only. CHANGING this to the MASTER machine's ip-add AND PORT, fixed it! Below:

    <argument>-tunnel</argument>
    <argument>jenkins-master-ip-addr:9080</argument>
0
votes

Check whether the name Slave1 in commandline and jenkins node defenition are the same.It should be Slave1 in jenkins node also