[JIRA] (JENKINS-50690) Cannot log in to vSphere with plugin 2.17

2 views
Skip to first unread message

john.peterson@nikon.com (JIRA)

unread,
Apr 9, 2018, 2:57:02 PM4/9/18
to jenkinsc...@googlegroups.com
John peterson created an issue
 
Jenkins / Bug JENKINS-50690
Cannot log in to vSphere with plugin 2.17
Issue Type: Bug Bug
Assignee: Unassigned
Components: vsphere-cloud-plugin
Created: 2018-04-09 18:56
Environment: Jenkins 2.111
Java 8.x
vSphere plugin 2.17
Priority: Major Major
Reporter: John peterson

Upgraded from vSphere plugin 2.16 > 2.17 and we can no longer connect to vSphere.  Among other things, certificate errors and illegal characters warnings.  We have several systems worldwide that have been running for a very many years, and this could end up being problematic.

I suspect it has to do with our naming of jenkins_us1 (the underscore) but that is not clear.  To change the name of all of our jenkins, vSphere,and VM instances starts a domino effect that will not be pretty.
Add Comment Add Comment
 
This message was sent by Atlassian JIRA (v7.3.0#73011-sha1:3c73d0e)
Atlassian logo

pjdarton@gmail.com (JIRA)

unread,
Sep 24, 2019, 7:18:02 AM9/24/19
to jenkinsc...@googlegroups.com
pjdarton closed an issue as Not A Defect
 

Version 2.17 enabled HTTPS certificate validation by default. Prior to that, the vSphere plugin always disabled SSL certificate validation, which was a security flaw as it opened up Jenkins to a man-in-the-middle attack.
FYI the security fix there was to change a "disable security check" boolean that was hard-coded to "true" into a user-configurable field that defaulted to "false" for anyone upgrading.

So, while 2.17 fixed that security flaw by enabling SSL validation, you can turn it off again through the configuration UI which, while that leaves you an in insecure state (just like 2.16 and earlier), it means that the way the plugin connects is exactly the same as it was in 2.16 and earlier.

So, short term, you can tick the "Disable SSL Check" box (Manage Jenkins -> Configure System, scroll down to the vSphere Cloud section).
Long term, I think you're going to have to fix your certificate errors so that you don't have to disable security features to make things work...
Change By: pjdarton
Status: Open Closed
Resolution: Not A Defect
This message was sent by Atlassian Jira (v7.13.6#713006-sha1:cc4451f)
Atlassian logo
Reply all
Reply to author
Forward
0 new messages