Where communities thrive

  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
    Fabrizio Manfredi Furuholmen
    yes it is the same , you have to specify the plugin in the component field
    Philip Hyunsu Cho
    Guys new here need some help on ec2-plugin groovy script
    after updating to 1.50 getting contractor issues
    HI team.. We see the following error with ec2 plugins (ver 1.49.1 and 1.50.1) when trying to launch windows EC2 agents. I raised a JIRA ticket - https://issues.jenkins-ci.org/browse/JENKINS-61006 for the same but haven't heard of any updates on it still. This issue has been noticed only with the windows slaves. Rolling it back to 1.46.1 is bringing the agents up perfectly. Any updates on this would be really appreciated.
    java.net.SocketException: Broken pipe (Write failed)
    at java.net.SocketOutputStream.socketWrite0(Native Method)
    at java.net.SocketOutputStream.socketWrite(SocketOutputStream.java:111)
    at java.net.SocketOutputStream.write(SocketOutputStream.java:155)
    at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:82)
    at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:140)
    at com.hierynomus.smbj.transport.tcp.direct.DirectTcpTransport.write(DirectTcpTransport.java:75)
    Caused: com.hierynomus.protocol.transport.TransportException
    at com.hierynomus.smbj.transport.tcp.direct.DirectTcpTransport.write(DirectTcpTransport.java:78)
    at com.hierynomus.smbj.connection.Connection.send(Connection.java:297)
    at com.hierynomus.smbj.connection.Connection.sendAndReceive(Connection.java:305)
    at com.hierynomus.smbj.connection.Connection.initiateSessionSetup(Connection.java:244)
    at com.hierynomus.smbj.connection.Connection.authenticate(Connection.java:181)
    Caused: com.hierynomus.smbj.common.SMBRuntimeException
    at com.hierynomus.smbj.connection.Connection.authenticate(Connection.java:215)
    at hudson.plugins.ec2.win.WinConnection.ping(WinConnection.java:112)
    at hudson.plugins.ec2.win.EC2WindowsLauncher.connectToWinRM(EC2WindowsLauncher.java:173)
    at hudson.plugins.ec2.win.EC2WindowsLauncher.launchScript(EC2WindowsLauncher.java:52)
    at hudson.plugins.ec2.EC2ComputerLauncher.launch(EC2ComputerLauncher.java:48)
    at hudson.slaves.SlaveComputer.lambda$_connect$0(SlaveComputer.java:292)
    at jenkins.util.ContextResettingExecutorService$2.call(ContextResettingExecutorService.java:46)
    at jenkins.security.ImpersonatingExecutorService$2.call(ImpersonatingExecutorService.java:71)
    at java.util.concurrent.FutureTask.run(FutureTask.java:266)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
    at java.lang.Thread.run(Thread.java:748)
    1.50.2 release is broken - “accept-new” is not a valid SSH option
    Last stable release is 1.49….
    Fabrizio Manfredi Furuholmen
    yes for now it is the most safe version
    I would recommend recinding 1.50.1 and 1.50.2 versions
    tips on manually installing 1.49.1?
    Failed Loading plugin Amazon EC2 plugin v1.49.1 (ec2)
    java.lang.IllegalStateException: Expected 1 instance of hudson.diagnosis.OldDataMonitor but got 0
    at hudson.ExtensionList.lookupSingleton(ExtensionList.java:451)
    at hudson.diagnosis.OldDataMonitor.get(OldDataMonitor.java:91)
    at hudson.diagnosis.OldDataMonitor.report(OldDataMonitor.java:223)
    at hudson.util.RobustReflectionConverter.doUnmarshal(RobustReflectionConverter.java:368)
    at hudson.util.RobustReflectionConverter.unmarshal(RobustReflectionConverter.java:267)
    at com.thoughtworks.xstream.core.TreeUnmarshaller.convert(TreeUnmarshaller.java:72)
    Caused: com.thoughtworks.xstream.converters.ConversionException: Expected 1 instance of hudson.diagnosis.OldDataMonitor but got 0 : Expected 1 instance of hudson.diagnosis.OldDataMonitor but got 0
    ---- Debugging information ----
    message : Expected 1 instance of hudson.diagnosis.OldDataMonitor but got 0
    cause-exception : java.lang.IllegalStateException
    cause-message : Expected 1 instance of hudson.diagnosis.OldDataMonitor but got 0
    class : hudson.plugins.ec2.PluginImpl
    required-type : hudson.plugins.ec2.PluginImpl
    converter-type : hudson.util.RobustReflectionConverter
    path : /hudson.plugins.ec2.PluginImpl
    line number : 4
    version : not available
    ssh -o StrictHostKeyChecking=off -i /tmp/ec2_6874758053699987113.pem ubuntu@ -p 22 java -jar /tmp/remoting.jar -workDir /tmp
    command-line line 0: unsupported option "off".
    not a single one of the checking options is supported via the Jenkins Docker Container.
    ssh -o StrictHostKeyChecking=accept-new -i /tmp/ec2_5423098466597994221.pem ubuntu@ -p 22 java -jar /tmp/remoting.jar -workDir /tmp
    command-line line 0: unsupported option "accept-new
    ssh -o StrictHostKeyChecking=yes -i /tmp/ec2_1432213094080254131.pem ubuntu@ -p 22 java -jar /tmp/remoting.jar -workDir /tmp
    No ECDSA host key is known for and you have requested strict checking
    Alex Earl
    Are you using jenkins/ssh-agent?
    just for the record - this plugin is a love/hate - love the plugin - hate when it gets updated because its always breaking on updates...
    Alex Schittko
    Yeesh and here I was thinking I did something bad updating plugins
    Narayanan Singaram
    In our environment we use ec2-plugin to create windows slaves and execute builds on that node. When launching windows slaves, we noticed the initial WinRM process opens 800+ connection to WinRM port (5985 / 5986) for each slave node.. Upon looking into the code, I see Apache DefaultHttpClient is being used, which does not use any HTTP connection pooling? Any specific reason to not using HTTP connection pooling ? Does WinRM not support re-using connections? This is becoming a serious issue in our environment, if we attempt to launch 18 or more nodes, with in couple of minutes of launching, most of the nodes goes offline due to connection termination error... after analyzing the network transmission data using tcpdump, we found that due to too many short lived connections to WinRM, number of available ports is getting exhausted and ports in TIME_WAIT state getting re-used in Jenkins server, Windows just simply does not acknowledge requests when it detects a port re-use.. Has this issue been observed earlier? Is it worth replacing the DefaultHttpClient with a custom client with pooling http connection manager?
    8 replies
    Raihaan Shouhell
    Looks like you have an older ssh client, the downgrade seems to be a known issue as well. The security fixes require some work it seems. These issues are being looked into.
    Sasha Miroshnychenko
    Has anybody observed the behavior of the plugin when it's getting super slow (scales literally by 1 slave at a time) on launching EC2s with spot-block enabled when AWS has a shortage with spot availability? Usually, the launching of the slaves happens by big chunks when there is a huge queue of waiting for executor builds...
    5 replies

    @res0nance @slide @alok0310 - I have tried connecting to windows 2016 using the ssh method described above and copying the ssh key but I am still unable to connect. Can you please let me know if there are any other steps to be followed?

    Steps followed :

    1. Created a Windows EC2 machine and run the poweshell script provided by @res0nance and made sure I am able to connect via ssh
    2. Created and AMI and configured it in the Jenkins to use Unix method
    3. Provisioned an agent but Jenkins is unable to connect

    Note: I have tested the ssh connectivity of the new agent created by jenkins and I am able to login but Jenkins is unable to login

    INFO: The instance EC2 (AWS-sandbox) - windows-2016 (i-05a178d76ba4XXXX) has a blank console. Maybe the console is yet not available. If enough time has passed, consider changing the key verification strategy or the AMI used by one printing out the host key in the instance console
    Jun 02, 2020 6:20:15 PM hudson.plugins.ec2.EC2Cloud
    INFO: The instance console is blank. Cannot check the key. The connection to EC2 (AWS-sandbox) - windows-2016 (i-05a178d76ba4XXXX) is not allowed
    Jun 02, 2020 6:20:15 PM hudson.plugins.ec2.EC2Cloud
    INFO: Failed to connect via ssh: There was a problem while connecting to XX.XX.XX.XX:22
    Jun 02, 2020 6:20:15 PM hudson.plugins.ec2.EC2Cloud
    INFO: Waiting for SSH to come up. Sleeping 5.
    Jun 02, 2020 6:20:16 PM hudson.plugins.ec2.EC2Cloud
    INFO: Connecting to XX.XX.XX.XX on port 22, with timeout 10000.

    Alex Earl
    Did you open port 22 in your security group?
    Also, it looks like you have the stricter key checking method turned on, I am not sure how to implement that method
    @res0nance I'm wondering if we can get some visibility on our PR here: https://github.com/jenkinsci/ec2-plugin/pull/448/ . If it's all good can we get it merged?
    I also had a lot of problems trying to do the described windows ssh method -- assuming all your ports/etc are set up correctly, it worked for me when i changed cloud configuration --> advanced --> Host Key Verification Strategy to accept-enw
    *accept-new (instead of the default 'check-new hard')

    @slide - Yes port 22 is open. I am able to connect to the server using ssh directly.

    I have tried changing the "Host Key Verification Strategy" to 'accept-new' and off but AWS is terminating the instances within few minutes. Maybe it is thinking as a "man-in-the-middle" attack since I am using public IP to connect.

    Are you using public IP or private IP for connection?

    i am using private IP
    and launching instances into my VPC (with subnet ID also set in cloud config)
    I will give a try with private IP and specifying the subnet ID
    I have a separate question: whenever I try to launch a second node with a different label (but using the same AMI), it never launches and says 'all nodes of label 'mylabel' are offline. I have no global instance cap or other instance caps set. Has anyone encountered that?
    similar issue is documented here - running the grooving script reference also returns '1' for me (not '0') https://groups.google.com/forum/#!topic/jenkinsci-users/fSKahUyrpqs
    Jenkins is able to connect to the "Windows server" after changing the Host Key Policy to "accept-new".
    Thanks for your help

    I also want to test regular connection to Windows EC2 server using "winrm".

    Does anyone have details on how to get it working? I applied all the settings as described in the plugin and created an image but it always hangs at "connecting to (XX.XX.XX.XX) with WinRM as Administrator" and never connects.

    ^ i got stuck at the same spot. spent forever on it, had all ports open, could connect to the relevent ports using telnet, but always hangs. That's why i switched to the ssh method
    Glad to hear you got connected!
    Alex Earl
    I haven't gotten WinRM to work correctly

    I have the same problem as @donepudi369 and @bsubbaraman. I tried to figured it out and I discovered that it is hanging when creating the SMBClient.
    I added some logs to the code:
    log.log(Level.FINE, "Inside WinConnection constructor");
    this.host = host;
    this.username = username;
    this.password = password;
    log.log(Level.FINE, "Creating SMBClient");
    this.smbclient = new SMBClient();
    log.log(Level.FINE, "SMBClient created");

    I can see the Inside WinConnection constructor and Creating SMBClient but it seems like SMBClient() never returns. The "SMBClient created" is never logged.

    @eduardoalmeida - Did you try creating the smb client in the server and creating an AMI from it? so that it doesn't need to create again?
    John LaBarge
    We really need something that doesn't require a PEM file to login into the instance and rather generates the ssh keys on the fly. I've seen some indications that others need this as well and was thinking of doing a PR
    John LaBarge
    Our environment doesn't allow us to use the AWS keys. Instead we use IAM credentials. For ssh purposes we could use the user data to add the generated key for a user and login to the instance from the agent that way.
    did the "StrictHostKeyChecking" options ever get fixed? last time I attempted to run the updated plugin it failed miserably because the ssh options being presented are not compliant with openssh
    John LaBarge
    I haven't seen that error. My problem is it looks for the ssh key using the AWS api and doesn't find it. But it doesn't need it to create the instance anyway.

    Hi, i was tasked to get ec2 in windows working. After spending some hours trying winRM, switched to the openssh was. (i havent read this chat until now, btw on recent enough windows (win10 or win serv 2019) the SSH can be installed with more easily than said above)
    Add-WindowsCapability -Online -Name OpenSSH.Server~~~~
    Start-Service sshd
    Set-Service -Name sshd -StartupType 'Automatic'
    New-ItemProperty -Path "HKLM:\SOFTWARE\OpenSSH" -Name DefaultShell -Value "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -PropertyType String -Force

    It hasn't appeared in my mind to run the plugin in linux mode so i just started a java IDE, and rework the EC2WindowsLauncher.java to use SSH (copypasta driven development from Ec2UnixLauncher.java)
    It is on https://github.com/ultinous-dancsa/ec2-plugin/tree/windows-over-ssh-poc
    (its code quality is somewhere between the spagetti and "i just want a working PoC within 3 hours with no prior knowledge")
    It works with password auth, the ami only had the ssh, and java install and a user creation

    Do you plan to implement something like this in the plugin, or i've just read above the unix setting works for windows too if ssh is installed?

    Alex Earl
    I'm sure a PR would be welcome
    I don't really have much freetime for coding, but if nobody takes it over, maybe I'll try to hammer it further.