Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Activity
    John LaBarge
    @johnlabarge
    We really need something that doesn't require a PEM file to login into the instance and rather generates the ssh keys on the fly. I've seen some indications that others need this as well and was thinking of doing a PR
    John LaBarge
    @johnlabarge
    Our environment doesn't allow us to use the AWS keys. Instead we use IAM credentials. For ssh purposes we could use the user data to add the generated key for a user and login to the instance from the agent that way.
    tburow
    @tburow
    did the "StrictHostKeyChecking" options ever get fixed? last time I attempted to run the updated plugin it failed miserably because the ssh options being presented are not compliant with openssh
    John LaBarge
    @johnlabarge
    I haven't seen that error. My problem is it looks for the ssh key using the AWS api and doesn't find it. But it doesn't need it to create the instance anyway.
    dancsa
    @dancsa

    Hi, i was tasked to get ec2 in windows working. After spending some hours trying winRM, switched to the openssh was. (i havent read this chat until now, btw on recent enough windows (win10 or win serv 2019) the SSH can be installed with more easily than said above)
    Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0
    Start-Service sshd
    Set-Service -Name sshd -StartupType 'Automatic'
    New-ItemProperty -Path "HKLM:\SOFTWARE\OpenSSH" -Name DefaultShell -Value "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -PropertyType String -Force

    It hasn't appeared in my mind to run the plugin in linux mode so i just started a java IDE, and rework the EC2WindowsLauncher.java to use SSH (copypasta driven development from Ec2UnixLauncher.java)
    It is on https://github.com/ultinous-dancsa/ec2-plugin/tree/windows-over-ssh-poc
    (its code quality is somewhere between the spagetti and "i just want a working PoC within 3 hours with no prior knowledge")
    It works with password auth, the ami only had the ssh, and java install and a user creation

    Do you plan to implement something like this in the plugin, or i've just read above the unix setting works for windows too if ssh is installed?

    Alex Earl
    @slide
    I'm sure a PR would be welcome
    dancsa
    @dancsa
    I don't really have much freetime for coding, but if nobody takes it over, maybe I'll try to hammer it further.
    Sickafant
    @Sickafant
    Hello. Is anyone aware if there's been interest in supporting AMI aliases? https://aws.amazon.com/about-aws/whats-new/2020/05/amazon-ec2-now-supports-aliases-for-amis/
    pyieh
    @pyieh
    Can I get some visibility on my PR here https://github.com/jenkinsci/ec2-plugin/pull/448/ ? It's been approved and I'd like to get it merged. It fixes a bug we've seen where orphan nodes aren't reconnected if the total number of existing nodes has hit the instance cap.
    mikelmao
    @mikelmao
    Iv been stuck for 3 days trying to get EC2 plugin to work with windows instance
    As suggest by @res0nance I have ran the script to install SSH and try it that way, i am able to connect to SSH from my local computer but i am getting authentication failed if EC2 plugin tries to connect
    From local machine i am connecting with plain username and password, i think maybe im doing something wrong with the whole SSH key? I have no experience with SSH keys so im sure im doing something wrong
    I copied the .pem contents and pasted where it says "public-key-here" in the script, is there anything else i need to do?
    image.png
    mikelmao
    @mikelmao
    Actually i see now that the file i got from EC2 is a private key
    mikelmao
    @mikelmao
    Iv made a public key from it but still same issue :(
    mikelmao
    @mikelmao
    Seems like i got a step further, though now getting this error
    image.png
    mikelmao
    @mikelmao
    Seems like its working now after turning fingerprint checking off :)
    bunchopunch
    @bunchopunch
    Hey, y'all. We're still on 1.50.2 and this morning our EC2 plugin based instances seem to have suddenly stopped allowing us to validate their key during the spin up. They come back with this error:
    The instance EC2 Amazon-Linux 2 (i-xxxxxxxxxxxxx) has a blank console. Maybe the console is yet not available. If enough time has passed, consider changing the key verification strategy or the AMI used by one printing out the host key in the instance console
    ...
    INFO: The instance console is blank. Cannot check the key. The connection to EC2 Amazon-Linux 2 (i-xxxxxxxxxxxxx) is not allowed
    
    ...
    HTTP ERROR 404 Not Found
    What's the best place to start in terms of understanding what could be causing this?
    Alex Earl
    @slide
    It looks like you may need to change your key checking in the cloud config
    bunchopunch
    @bunchopunch
    That was sort of what I was thinking as well. I'm just waiting until after hours to make any configuration changes now.
    My current thought is that maybe changing the key validation from check-hard to accept-new would help. But, I don't really understand why the key would be changing and that make me nervous. Plus, the "blank console" kind of puts a twist on things that makes me question if it's actually a key issue at all.
    bunchopunch
    @bunchopunch
    I think I'm also going to try bumping up to the most recent Amazon Linux 2 ami, which I need to do anyway
    bunchopunch
    @bunchopunch
    As a follow up, I think it was just failing to stand up and connect. Maybe it eventually would have with a longer timeout. I updated to the new Amazon Linux 2 ami and at seems to have started working normally again.
    Bouderballa Akram
    @Bouderballakram_twitter
    Bonjour tout le monde, j'aurai une question à vous poser, je suis entrain de mettre en place JEnkins, j'ai pu connecter mon compte AWS et lancer une instance qui me sert d'agent mais je n'arrive pas à la connecter via WinRM (j'ai une boucle infinie)
    Nick Stires
    @tst-nstires

    Windows EC2 seems super broke. Just updated the plugin, set host key verify to 'Off'

    I verified the ports 5985 and 445 are both listening, and I can telnet in without issue. This worked without issue before I upgraded the plugin.

    Hung at:
    EC2 (MY-JENKINS) - win-on-demand (i-111111111111111) booted at 1595469330000
    Connecting to (10.11.xxx.xxx) with WinRM as administrator

    Alex Earl
    @slide
    @tst-nstires I gave up on WinRM based Windows agents and went with SSH
    Nick Stires
    @tst-nstires
    seems like the only option I guess
    Nick Stires
    @tst-nstires

    I managed to get WinRM back up and running manually updating to this PR build: https://ci.jenkins.io/job/Plugins/job/ec2-plugin/job/PR-481/2/artifact/org/jenkins-ci/plugins/ec2/1.51-rc1179.7d1283eb45d5/ec2-1.51-rc1179.7d1283eb45d5.hpi

    From this PR: jenkinsci/ec2-plugin#481

    What I'm finding is that SMB is able to finally connect. WinRM is still opening a ton of connections that linger on the Windows client side, so I don't think it's 100%. Seems to take a long time to spin up also.

    Alex Schittko
    @alex4108
    Hi when I modify my jenkins master config I get an exception due to a missing field of some sort with this plugin... any advice on resolving it? java.lang.IllegalArgumentException: No enum constant hudson.plugins.ec2.ConnectionStrategy.Private IP
    The plugin is present and functional, it's spinning up nodes and running builds all day. If it weren't working I'd be more keen to hammering at it, alas I may break something in the process so I'd rather ask if anyone has experience with this exception before I start the jackhammer up...
    Scott Sutherland
    @suthsc_gitlab
    I'm running into a weird situation where jobs running on EC2 instances are being killed when the Monitor process decides the node is no longer alive and terminates the node. I'm having a hard time pinning it down. However, it feels like a race condition as a trigger and connectivity issues in evaluating the node still being alive, which causes the termination of the node.
    I'm attempting to get the logging output from EC2SlaveMonitor as well as other classes, but I can't seem to get it to output any messages. The AsyncPeriodicWork logger outputs "Starting EC2.." and "Finished EC2.." messages with no output between them. Is there something specific that I have to do to enable those log messages?
    4 replies
    Scott Sutherland
    @suthsc_gitlab
    I'm speculating that the EC2ConnectionUpdater is preventing the EC2SlaveMonitor from checking the node in most cases due to the timing check here: https://github.com/jenkinsci/ec2-plugin/blob/d4dd09b75d706f916d0ba33f45a67077a536eaf2/src/main/java/hudson/plugins/ec2/EC2AbstractSlave.java#L573-L575
    parameswaranj
    @parameswaranj
    @tst-nstires I agree.. However the new plugin (1.151) released 10 days ago seems to have solved my issues with the WinRM since release version 1.146.1. The longer spin-up times seems to be due to the additional security to prevent the MitM attacks.
    Scott Sutherland
    @suthsc_gitlab
    Is it possible that branch indexing scans executed on the master would consume enough resources to cause the EC2SlaveMonitor to timeout, causing the monitor to believe the agent is dead and subsequently terminating it?
    Our issue always has this kind of time metric: Finished EC2 alive slaves monitor. 91,289 ms
    Most of the time it's something like this: Finished EC2 alive slaves monitor. 84 ms
    I can not find the cause of the discreprency.
    James Brown
    @Roguelazer
    The new version (1.52) appears to break the configuration page. Attempting to set a SSH key using the credential-based system fails with "This URL requires POST".
    Beyond that, I don't understand how you're supposed to set the key-pair's name in EC2 to use it on launch now. Do you have to make the Jenkins key ID match the keypair's name in EC2?
    the documentation doesn't seem to have been updated at all for the new key workflow
    Francisco Robles Martín
    @froblesmartin
    Hi @Roguelazer , there have been some issues with that migration, a hotfix has been already released as 1.53.
    Now you need to create a SSH secret in the Jenkins Credentials storage and then specify it from the EC2 configuration.
    Gustau Pérez
    @gustauperez
    Hi! I'm trying the plugin (1.53) and adding a new cloud fails for me. Error seems to be this: https://pastebin.com/Jww0GG1S I seems the InstanceCapStr is converted to an array and then the constructor is called with an array of Strings, but the constructor expects a String.
    Any help?
    Gustau Pérez
    @gustauperez
    To add more info, downgrading Jenkins to 2.235.2 seems to work
    Gustau Pérez
    @gustauperez
    Also 2.249.2 works. Seems that LTS versions work ok with the ec2-plugin, but the last stable versions don't