[JIRA] (JENKINS-54903) Updates through proxy server with authentication not working after update to core 2.152 or higher

1 view
Skip to first unread message

kurt.loupal@rohde-schwarz.com (JIRA)

unread,
Nov 28, 2018, 1:12:03 AM11/28/18
to jenkinsc...@googlegroups.com
Kurt created an issue
 
Jenkins / Bug JENKINS-54903
Updates through proxy server with authentication not working after update to core 2.152 or higher
Issue Type: Bug Bug
Assignee: Unassigned
Attachments: JenkinsPluginManagerIssue.PNG
Components: core
Created: 2018-11-28 06:11
Environment: Jenkins >= 2.152, Server-JRE 1.8.0_191 on Windows Server 2008R2
Priority: Blocker Blocker
Reporter: Kurt

 After update to any Jenkins core higher (as of writing this ticket) then 2.151 I cannot check for updates any more from behind our company's proxy server. Error given by Jenkins Web Frontend is 

There were errors checking the update sites: IOException: Server returned HTTP response code: 407 for URL: http://ftp-nyc.osuosl.org/pub/jenkins/updates/current/update-center.json

So it seems that Jenkins is no longer authenticating to the proxy with the credentials configued in the plugin manager advandced tab.

From the changelog I've seen that there were changes to the update code as part of issue 54459.

So I've tried setting the referenced properties (even with all the spellings as indicated in the issue ticket):

 

-Dhudson.PluginManager.checkUpdateSleepTimeMillis=2500 -Dhudson.PluginManager.CHECK_UPDATE_ATTEMPTS=5 -Dhudson.PluginManager.checkUpdateAttempts=5 

That has changed the duration until the above error appears. But it didn't fix the problem.

 

The update center is configured as indicated in the attached screenshot.
Strange thing is, that pressing the "Validate Proxy" button returns "Success" while the bottom of the same page shows the proxy auth required message (see screenshot). This seems to be very inconsistent.

The Jenkins log contains the following (after setting above properties, same appears 5 times):

 

INFO: The attempt #4 to do the action check updates server failed with an allowed exception:
java.io.IOException: Server returned HTTP response code: 407 for URL: http://ftp-nyc.osuosl.org/pub/jenkins/updates/current/update-center.json
	at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1894)
	at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1492)
	at hudson.model.DownloadService.loadJSON(DownloadService.java:167)
	at hudson.model.UpdateSite.updateDirectlyNow(UpdateSite.java:186)
	at hudson.PluginManager.checkUpdatesServer(PluginManager.java:1747)
	at hudson.util.Retrier.start(Retrier.java:62)
	at hudson.PluginManager.doCheckUpdatesServer(PluginManager.java:1718)
	at java.lang.invoke.MethodHandle.invokeWithArguments(MethodHandle.java:627)
	at org.kohsuke.stapler.Function$MethodFunction.invoke(Function.java:343)
	at org.kohsuke.stapler.interceptor.RequirePOST$Processor.invoke(RequirePOST.java:77)
	at org.kohsuke.stapler.PreInvokeInterceptedFunction.invoke(PreInvokeInterceptedFunction.java:26)
	at org.kohsuke.stapler.Function.bindAndInvoke(Function.java:184)
	at org.kohsuke.stapler.Function.bindAndInvokeAndServeResponse(Function.java:117)
	at org.kohsuke.stapler.MetaClass$1.doDispatch(MetaClass.java:130)
	at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:58)
	at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:739)
	at org.kohsuke.stapler.Stapler.invoke(Stapler.java:870)
	at org.kohsuke.stapler.MetaClass$2.doDispatch(MetaClass.java:188)
	at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:58)
	at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:739)
	at org.kohsuke.stapler.Stapler.invoke(Stapler.java:870)
	at org.kohsuke.stapler.Stapler.invoke(Stapler.java:668)
	at org.kohsuke.stapler.Stapler.service(Stapler.java:238)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
	at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:865)
	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1655)
	at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:154)
	at org.jenkinsci.plugins.ssegateway.Endpoint$SSEListenChannelFilter.doFilter(Endpoint.java:243)
	at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151)
	at io.jenkins.blueocean.ResourceCacheControl.doFilter(ResourceCacheControl.java:134)
	at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151)
	at io.jenkins.blueocean.auth.jwt.impl.JwtAuthenticationFilter.doFilter(JwtAuthenticationFilter.java:61)
	at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151)
	at net.bull.javamelody.MonitoringFilter.doFilter(MonitoringFilter.java:239)
	at net.bull.javamelody.MonitoringFilter.doFilter(MonitoringFilter.java:215)
	at net.bull.javamelody.PluginMonitoringFilter.doFilter(PluginMonitoringFilter.java:88)
	at org.jvnet.hudson.plugins.monitoring.HudsonMonitoringFilter.doFilter(HudsonMonitoringFilter.java:114)
	at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151)
	at jenkins.metrics.impl.MetricsFilter.doFilter(MetricsFilter.java:125)
	at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151)
	at hudson.plugins.locale.LocaleFilter.doFilter(LocaleFilter.java:42)
	at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151)
	at hudson.plugins.greenballs.GreenBallFilter.doFilter(GreenBallFilter.java:59)
	at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151)
	at jenkins.telemetry.impl.UserLanguages$AcceptLanguageFilter.doFilter(UserLanguages.java:128)
	at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151)
	at hudson.util.PluginServletFilter.doFilter(PluginServletFilter.java:157)
	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1642)
	at hudson.security.csrf.CrumbFilter.doFilter(CrumbFilter.java:99)
	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1642)
	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:84)
	at hudson.security.UnwrapSecurityExceptionFilter.doFilter(UnwrapSecurityExceptionFilter.java:51)
	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
	at jenkins.security.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:117)
	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
	at org.acegisecurity.providers.anonymous.AnonymousProcessingFilter.doFilter(AnonymousProcessingFilter.java:125)
	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
	at org.acegisecurity.ui.rememberme.RememberMeProcessingFilter.doFilter(RememberMeProcessingFilter.java:142)
	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
	at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:271)
	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
	at jenkins.security.BasicHeaderProcessor.doFilter(BasicHeaderProcessor.java:93)
	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
	at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249)
	at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:67)
	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
	at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:90)
	at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:171)
	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1642)
	at org.kohsuke.stapler.compression.CompressionFilter.doFilter(CompressionFilter.java:49)
	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1642)
	at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:82)
	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1642)
	at org.kohsuke.stapler.DiagnosticThreadNameFilter.doFilter(DiagnosticThreadNameFilter.java:30)
	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1642)
	at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:533)
	at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:146)
	at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:524)
	at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132)
	at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:257)
	at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1595)
	at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:255)
	at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1340)
	at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:203)
	at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:473)
	at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1564)
	at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:201)
	at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1242)
	at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:144)
	at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132)
	at org.eclipse.jetty.server.Server.handle(Server.java:503)
	at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:364)
	at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:260)
	at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:305)
	at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103)
	at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:118)
	at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:333)
	at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:310)
	at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:168)
	at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:126)
	at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:366)
	at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:765)
	at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:683)
	at java.lang.Thread.run(Thread.java:748)Nov 28, 2018 6:48:15 AM hudson.util.Retrier start
INFO: Calling the listener of the allowed exception 'Server returned HTTP response code: 407 for URL: http://ftp-nyc.osuosl.org/pub/jenkins/updates/current/update-center.json' at the attempt #4 to do the action check updates server
Nov 28, 2018 6:48:15 AM hudson.util.Retrier start
WARNING: The attempt #4 to do the action check updates server failed
Nov 28, 2018 6:48:17 AM hudson.node_monitors.AbstractAsyncNodeMonitorDescriptor monitorDetailed
WARNING: Failed to monitor 1sp-slave-bg for Free Temp Space
java.util.concurrent.TimeoutException
	at hudson.remoting.Request$1.get(Request.java:316)
	at hudson.remoting.Request$1.get(Request.java:240)
	at hudson.remoting.FutureAdapter.get(FutureAdapter.java:59)
	at hudson.node_monitors.AbstractAsyncNodeMonitorDescriptor.monitorDetailed(AbstractAsyncNodeMonitorDescriptor.java:114)
	at hudson.node_monitors.AbstractAsyncNodeMonitorDescriptor.monitor(AbstractAsyncNodeMonitorDescriptor.java:76)
	at hudson.node_monitors.AbstractNodeMonitorDescriptor$Record.run(AbstractNodeMonitorDescriptor.java:305)Nov 28, 2018 6:48:17 AM hudson.node_monitors.AbstractAsyncNodeMonitorDescriptor monitorDetailed
WARNING: Failed to monitor 1sp-slave-bg for Free Disk Space
java.util.concurrent.TimeoutException
	at hudson.remoting.Request$1.get(Request.java:316)
	at hudson.remoting.Request$1.get(Request.java:240)
	at hudson.remoting.FutureAdapter.get(FutureAdapter.java:59)
	at hudson.node_monitors.AbstractAsyncNodeMonitorDescriptor.monitorDetailed(AbstractAsyncNodeMonitorDescriptor.java:114)
	at hudson.node_monitors.AbstractAsyncNodeMonitorDescriptor.monitor(AbstractAsyncNodeMonitorDescriptor.java:76)
	at hudson.node_monitors.AbstractNodeMonitorDescriptor$Record.run(AbstractNodeMonitorDescriptor.java:305)Nov 28, 2018 6:48:17 AM hudson.node_monitors.AbstractAsyncNodeMonitorDescriptor monitorDetailed
WARNING: Failed to monitor 1sp-slave-bg for Free Swap Space
java.util.concurrent.TimeoutException
	at hudson.remoting.Request$1.get(Request.java:316)
	at hudson.remoting.Request$1.get(Request.java:240)
	at hudson.remoting.FutureAdapter.get(FutureAdapter.java:59)
	at hudson.node_monitors.AbstractAsyncNodeMonitorDescriptor.monitorDetailed(AbstractAsyncNodeMonitorDescriptor.java:114)
	at hudson.node_monitors.AbstractAsyncNodeMonitorDescriptor.monitor(AbstractAsyncNodeMonitorDescriptor.java:76)
	at hudson.node_monitors.AbstractNodeMonitorDescriptor$Record.run(AbstractNodeMonitorDescriptor.java:305)Nov 28, 2018 6:48:17 AM hudson.util.Retrier start
INFO: Attempt #5 to do the action check updates server
Nov 28, 2018 6:48:18 AM hudson.util.Retrier start
INFO: The attempt #5 to do the action check updates server failed with an allowed exception:
java.io.IOException: Server returned HTTP response code: 407 for URL: http://ftp-nyc.osuosl.org/pub/jenkins/updates/current/update-center.json
	at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1894)
	at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1492)
	at hudson.model.DownloadService.loadJSON(DownloadService.java:167)
	at hudson.model.UpdateSite.updateDirectlyNow(UpdateSite.java:186)
	at hudson.PluginManager.checkUpdatesServer(PluginManager.java:1747)
	at hudson.util.Retrier.start(Retrier.java:62)
	at hudson.PluginManager.doCheckUpdatesServer(PluginManager.java:1718)
	at java.lang.invoke.MethodHandle.invokeWithArguments(MethodHandle.java:627)
	at org.kohsuke.stapler.Function$MethodFunction.invoke(Function.java:343)
	at org.kohsuke.stapler.interceptor.RequirePOST$Processor.invoke(RequirePOST.java:77)
	at org.kohsuke.stapler.PreInvokeInterceptedFunction.invoke(PreInvokeInterceptedFunction.java:26)
	at org.kohsuke.stapler.Function.bindAndInvoke(Function.java:184)
	at org.kohsuke.stapler.Function.bindAndInvokeAndServeResponse(Function.java:117)
	at org.kohsuke.stapler.MetaClass$1.doDispatch(MetaClass.java:130)
	at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:58)
	at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:739)
	at org.kohsuke.stapler.Stapler.invoke(Stapler.java:870)
	at org.kohsuke.stapler.MetaClass$2.doDispatch(MetaClass.java:188)
	at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:58)
	at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:739)
	at org.kohsuke.stapler.Stapler.invoke(Stapler.java:870)
	at org.kohsuke.stapler.Stapler.invoke(Stapler.java:668)
	at org.kohsuke.stapler.Stapler.service(Stapler.java:238)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
	at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:865)
	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1655)
	at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:154)
	at org.jenkinsci.plugins.ssegateway.Endpoint$SSEListenChannelFilter.doFilter(Endpoint.java:243)
	at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151)
	at io.jenkins.blueocean.ResourceCacheControl.doFilter(ResourceCacheControl.java:134)
	at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151)
	at io.jenkins.blueocean.auth.jwt.impl.JwtAuthenticationFilter.doFilter(JwtAuthenticationFilter.java:61)
	at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151)
	at net.bull.javamelody.MonitoringFilter.doFilter(MonitoringFilter.java:239)
	at net.bull.javamelody.MonitoringFilter.doFilter(MonitoringFilter.java:215)
	at net.bull.javamelody.PluginMonitoringFilter.doFilter(PluginMonitoringFilter.java:88)
	at org.jvnet.hudson.plugins.monitoring.HudsonMonitoringFilter.doFilter(HudsonMonitoringFilter.java:114)
	at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151)
	at jenkins.metrics.impl.MetricsFilter.doFilter(MetricsFilter.java:125)
	at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151)
	at hudson.plugins.locale.LocaleFilter.doFilter(LocaleFilter.java:42)
	at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151)
	at hudson.plugins.greenballs.GreenBallFilter.doFilter(GreenBallFilter.java:59)
	at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151)
	at jenkins.telemetry.impl.UserLanguages$AcceptLanguageFilter.doFilter(UserLanguages.java:128)
	at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151)
	at hudson.util.PluginServletFilter.doFilter(PluginServletFilter.java:157)
	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1642)
	at hudson.security.csrf.CrumbFilter.doFilter(CrumbFilter.java:99)
	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1642)
	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:84)
	at hudson.security.UnwrapSecurityExceptionFilter.doFilter(UnwrapSecurityExceptionFilter.java:51)
	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
	at jenkins.security.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:117)
	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
	at org.acegisecurity.providers.anonymous.AnonymousProcessingFilter.doFilter(AnonymousProcessingFilter.java:125)
	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
	at org.acegisecurity.ui.rememberme.RememberMeProcessingFilter.doFilter(RememberMeProcessingFilter.java:142)
	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
	at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:271)
	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
	at jenkins.security.BasicHeaderProcessor.doFilter(BasicHeaderProcessor.java:93)
	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
	at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249)
	at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:67)
	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
	at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:90)
	at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:171)
	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1642)
	at org.kohsuke.stapler.compression.CompressionFilter.doFilter(CompressionFilter.java:49)
	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1642)
	at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:82)
	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1642)
	at org.kohsuke.stapler.DiagnosticThreadNameFilter.doFilter(DiagnosticThreadNameFilter.java:30)
	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1642)
	at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:533)
	at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:146)
	at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:524)
	at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132)
	at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:257)
	at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1595)
	at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:255)
	at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1340)
	at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:203)
	at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:473)
	at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1564)
	at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:201)
	at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1242)
	at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:144)
	at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132)
	at org.eclipse.jetty.server.Server.handle(Server.java:503)
	at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:364)
	at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:260)
	at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:305)
	at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103)
	at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:118)
	at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:333)
	at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:310)
	at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:168)
	at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:126)
	at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:366)
	at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:765)
	at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:683)
	at java.lang.Thread.run(Thread.java:748)Nov 28, 2018 6:48:18 AM hudson.util.Retrier start
INFO: Calling the listener of the allowed exception 'Server returned HTTP response code: 407 for URL: http://ftp-nyc.osuosl.org/pub/jenkins/updates/current/update-center.json' at the attempt #5 to do the action check updates server
Nov 28, 2018 6:48:18 AM hudson.util.Retrier start
INFO: Attempted the action check updates server for 5 time(s) with no success
Nov 28, 2018 6:48:18 AM hudson.PluginManager doCheckUpdatesServer
SEVERE: Error checking update sites for 5 attempt(s). Last exception was: IOException: Server returned HTTP response code: 407 for URL: http://ftp-nyc.osuosl.org/pub/jenkins/updates/current/update-center.json

 

 

 

Add Comment Add Comment
 
This message was sent by Atlassian Jira (v7.11.2#711002-sha1:fdc329d)

kurt.loupal@rohde-schwarz.com (JIRA)

unread,
Nov 28, 2018, 1:15:04 AM11/28/18
to jenkinsc...@googlegroups.com
Kurt updated an issue
Change By: Kurt
 After *update to any Jenkins core higher (as of writing this ticket) then 2.151* I *cannot check for updates any more* from behind our company's proxy server. Error given by Jenkins Web Frontend is 
{noformat}
There were errors checking the update sites: IOException: Server returned HTTP response code: 407 for URL: http://ftp-nyc.osuosl.org/pub/jenkins/updates/current/update-center.json{noformat}
*So it seems that Jenkins is no longer authenticating to the proxy with the credentials configued in the plugin manager advandced tab.*

From the changelog I've seen that there were changes to the update code as part of
[ issue 54459 |https://issues . jenkins-ci.org/browse/JENKINS-54459].

So I've tried setting the referenced properties (even with all the spellings as indicated in the issue ticket):

 
{noformat}
-Dhudson.PluginManager.checkUpdateSleepTimeMillis=2500 -Dhudson.PluginManager.CHECK_UPDATE_ATTEMPTS=5 -Dhudson.PluginManager.checkUpdateAttempts=5 {noformat}

That has changed the duration until the above error appears. But it didn't fix the problem.

 

The update center is configured as indicated in the attached screenshot.
Strange thing is, that pressing the "Validate Proxy" button returns "Success" while the bottom of the same page shows the proxy auth required message (see screenshot). This seems to be very inconsistent.

The Jenkins log contains the following (after setting above properties, same appears 5 times):

 
{noformat}
{noformat}
 

  Downgrading Jenkins core back to 2.151 immediately removes the issue. So this cannot be related in any way to a changed proxy server configuration.

 

kurt.loupal@rohde-schwarz.com (JIRA)

unread,
Nov 28, 2018, 1:23:04 AM11/28/18
to jenkinsc...@googlegroups.com
Kurt updated an issue
 After *update to any Jenkins core higher (as of writing this ticket) then than 2.151* I *cannot check for updates any more* from behind our company's proxy server. Error given by Jenkins Web Frontend is 

{noformat}
There were errors checking the update sites: IOException: Server returned HTTP response code: 407 for URL: http://ftp-nyc.osuosl.org/pub/jenkins/updates/current/update-center.json{noformat}
*So it seems that Jenkins is no longer authenticating to the proxy with the credentials configued in the plugin manager advandced tab.*

From the changelog I've seen that there were changes to the update code as part of issue 54459.
Setting this to Blocker as we're not able to install any more new plugins or plugin updates with Jenkins Core >= 2.152.

 

martin.moessner@coop.ch (JIRA)

unread,
Nov 28, 2018, 6:37:01 AM11/28/18
to jenkinsc...@googlegroups.com
Martin Mössner commented on Bug JENKINS-54903
 
Re: Updates through proxy server with authentication not working after update to core 2.152 or higher

One possible workaround:

1. Go the "Plugin Manager" "Advanced" tab.
2. Without any change press the "submit" button of the "HTTP Proxy Configuration".
3. Go to the "Updates" tab.
4. Press the "Check now" button.

Works on our prod- and testsystem (V 2.153).

kurt.loupal@rohde-schwarz.com (JIRA)

unread,
Nov 28, 2018, 6:46:02 AM11/28/18
to jenkinsc...@googlegroups.com

kurt.loupal@rohde-schwarz.com (JIRA)

unread,
Nov 28, 2018, 6:51:02 AM11/28/18
to jenkinsc...@googlegroups.com
Kurt commented on Bug JENKINS-54903
 
Re: Updates through proxy server with authentication not working after update to core 2.152 or higher

I can confirm that the workaround does work for us, too.

Martin Mössner Good work! How did you figure that out?
Have you already checked if the problem re-appears after some time or a Jenkins restart? I can't test that on my side at the moment as I cannot restart Jenkins without coordination.

From theses findings, can we conclude, that the issue is related to the proxy credential storage?

Anyway, I think that justifies reducing the severity to Critical (it's still possible to obtain new plugins and updates now).

martin.moessner@coop.ch (JIRA)

unread,
Nov 28, 2018, 7:38:01 AM11/28/18
to jenkinsc...@googlegroups.com

First I've made a change on "no-proxy-hosts". The change itself had nothing to do with proxy functionality, because it was a removement of an old full qualified server. So I was very wondering.

Then the problem re-appears again and so I've submitted again (without change) the HTTP Proxy Configuration.

I don't know how often it re-appears, but still it's happening...

dbeck@cloudbees.com (JIRA)

unread,
Nov 29, 2018, 5:53:02 PM11/29/18
to jenkinsc...@googlegroups.com

Stephen Connolly Does this look like something your merge of JENKINS-48775 could have caused?

Also CC Ramon Leon who got JENKINS-54459 merged, but I'd be more surprised if this is the cause than the other.

 

dbeck@cloudbees.com (JIRA)

unread,
Nov 29, 2018, 5:53:03 PM11/29/18
to jenkinsc...@googlegroups.com

stephen.alan.connolly@gmail.com (JIRA)

unread,
Nov 30, 2018, 7:06:02 AM11/30/18
to jenkinsc...@googlegroups.com
Stephen Connolly commented on Bug JENKINS-54903
 
Re: Updates through proxy server with authentication not working after update to core 2.152 or higher

Daniel Beck its hard to see how JENKINS-48755 could cause this issue:

  1. The code path should be identical to that in place before when the URL is not https... and from the reported exception, the URL is http://ftp-nyc.osuosl.org/pub/jenkins/updates/current/update-center.json which is http so jenkins48775workaround (Proxy,URL) should be a no-op
  2. The only possible risk of a delta is from the refactoring in this method because that Authenticator was written to use the inverse if condition. I have re-read it 10 times and the refactoring looks sound... but perhaps I am mistaken

dbeck@cloudbees.com (JIRA)

unread,
Nov 30, 2018, 7:16:02 AM11/30/18
to jenkinsc...@googlegroups.com

Too bad we merged both in the same weekly.

That said, to the best of my understanding, https://repo.jenkins-ci.org/incrementals/org/jenkins-ci/main/jenkins-war/2.152-rc27515.bdf9e4b389d8/ corresponds to https://github.com/jenkinsci/jenkins/commit/bdf9e4b389d8 and includes https://github.com/jenkinsci/jenkins/commit/d4284565e7a3e6b044f6d6df52288e822af02fc4 but not JENKINS-54459.

Could the reporter or one of the watchers run the war in the first link and report back whether the issue occurs on that version?

kurt.loupal@rohde-schwarz.com (JIRA)

unread,
Dec 3, 2018, 1:30:02 AM12/3/18
to jenkinsc...@googlegroups.com
Kurt commented on Bug JENKINS-54903

I'll try my best to coordinate with my colleagues for a time frame for the tests as requested in previous comment.

But sadly we don't have a test instance available. So I can only do it on the productive system which would then be blocked for a couple of reboots.

If I get the chance to test it I'll surely report the results immediately.

manuelramonleonjimenez@gmail.com (JIRA)

unread,
Dec 3, 2018, 12:58:02 PM12/3/18
to jenkinsc...@googlegroups.com

Daniel Beck Also CC Ramon Leon who got JENKINS-54459 merged, but I'd be more surprised if this is the cause than the other., 

The code involved in JENKINS-54459 has nothing to do with the problem, it doesn't touch the way we use proxy or get the json, IMO. What's going on is that now, this code is trying to get the update center for the number of times specified, therefore the error log shows each attempt. But the error is the same as without the retries, that is, a 407 in the update site defined. I cannot understand why the proxy was unset.

dbeck@cloudbees.com (JIRA)

unread,
Dec 3, 2018, 3:30:01 PM12/3/18
to jenkinsc...@googlegroups.com

Stephen Connolly

The workaround described by users above results in the invocation of the DataBoundConstructor. Your "refactoring" of moving the Authenticator creation into that results in it not being called on Jenkins startup, so it's null until the ProxyConfiguration is saved. Does that look about right?

stephen.alan.connolly@gmail.com (JIRA)

unread,
Dec 4, 2018, 8:30:05 AM12/4/18
to jenkinsc...@googlegroups.com

stephen.alan.connolly@gmail.com (JIRA)

unread,
Dec 4, 2018, 8:34:04 AM12/4/18
to jenkinsc...@googlegroups.com

batmat@batmat.net (JIRA)

unread,
Jan 23, 2019, 8:04:03 AM1/23/19
to jenkinsc...@googlegroups.com
Baptiste Mathus started work on Bug JENKINS-54903
 
Change By: Baptiste Mathus
Status: Open In Progress

batmat@batmat.net (JIRA)

unread,
Jan 23, 2019, 8:04:04 AM1/23/19
to jenkinsc...@googlegroups.com

o.v.nenashev@gmail.com (JIRA)

unread,
Jan 26, 2019, 8:21:03 PM1/26/19
to jenkinsc...@googlegroups.com

o.v.nenashev@gmail.com (JIRA)

unread,
Jan 26, 2019, 8:22:03 PM1/26/19
to jenkinsc...@googlegroups.com

o.v.nenashev@gmail.com (JIRA)

unread,
Jan 26, 2019, 8:22:03 PM1/26/19
to jenkinsc...@googlegroups.com

ogondza@gmail.com (JIRA)

unread,
Jan 31, 2019, 7:11:25 AM1/31/19
to jenkinsc...@googlegroups.com

ogondza@gmail.com (JIRA)

unread,
Feb 14, 2019, 5:05:03 AM2/14/19
to jenkinsc...@googlegroups.com

mathieu.rousseau.31@gmail.com (JIRA)

unread,
Jun 7, 2019, 9:59:03 AM6/7/19
to jenkinsc...@googlegroups.com

mathieu.rousseau.31@gmail.com (JIRA)

unread,
Jun 7, 2019, 10:00:08 AM6/7/19
to jenkinsc...@googlegroups.com

mathieu.rousseau.31@gmail.com (JIRA)

unread,
Jun 7, 2019, 10:00:08 AM6/7/19
to jenkinsc...@googlegroups.com

mathieu.rousseau.31@gmail.com (JIRA)

unread,
Jun 7, 2019, 10:00:10 AM6/7/19
to jenkinsc...@googlegroups.com

mathieu.rousseau.31@gmail.com (JIRA)

unread,
Jun 7, 2019, 10:00:12 AM6/7/19
to jenkinsc...@googlegroups.com

mathieu.rousseau.31@gmail.com (JIRA)

unread,
Jun 7, 2019, 10:00:15 AM6/7/19
to jenkinsc...@googlegroups.com

dbeck@cloudbees.com (JIRA)

unread,
Jun 7, 2019, 10:06:03 AM6/7/19
to jenkinsc...@googlegroups.com
Daniel Beck commented on Bug JENKINS-54903
 
Re: Updates through proxy server with authentication not working after update to core 2.152 or higher

Mathieu Rousseau Well, did you click "Submit" right below test URL after entering credentials?

mathieu.rousseau.31@gmail.com (JIRA)

unread,
Jun 11, 2019, 4:11:02 AM6/11/19
to jenkinsc...@googlegroups.com

yes.

also tried:

One possible workaround:

  1. Go the "Plugin Manager" "Advanced" tab.
    2. Without any change press the "submit" button of the "HTTP Proxy Configuration".
    3. Go to the "Updates" tab.
    4. Press the "Check now" button.

no success

 

mathieu.rousseau.31@gmail.com (JIRA)

unread,
Jun 11, 2019, 4:12:03 AM6/11/19
to jenkinsc...@googlegroups.com
Mathieu Rousseau edited a comment on Bug JENKINS-54903
[~danielbeck]

 

yes.

also tried
:

One
the one possible workaround:
# Go the "Plugin Manager" "Advanced" tab.

2. Without any change press the "submit" button of the "HTTP Proxy Configuration".
3. Go to the "Updates" tab.
4. Press the "Check now" button.

no success

 

mathieu.rousseau.31@gmail.com (JIRA)

unread,
Jun 11, 2019, 4:15:02 AM6/11/19
to jenkinsc...@googlegroups.com

mathieu.rousseau.31@gmail.com (JIRA)

unread,
Jun 11, 2019, 4:15:03 AM6/11/19
to jenkinsc...@googlegroups.com
Mathieu Rousseau commented on Bug JENKINS-54903
 
Re: Updates through proxy server with authentication not working after update to core 2.152 or higher

weird thing is that: I can't check the udpates. But I can install new plugins:

 

mathieu.rousseau.31@gmail.com (JIRA)

unread,
Jun 11, 2019, 4:29:02 AM6/11/19
to jenkinsc...@googlegroups.com

dbeck@cloudbees.com (JIRA)

unread,
Jun 11, 2019, 5:12:02 AM6/11/19
to jenkinsc...@googlegroups.com
Reply all
Reply to author
Forward
0 new messages