jenkins-cli.jar stopped working for not apparent reason

705 views
Skip to first unread message

Eric Fetzer

unread,
Jun 25, 2019, 10:12:58 AM6/25/19
to Jenkins Users
This makes no sense.  When I run the command:

java -cp /my/path/to/jar/jenkins-cli.jar -s http://myJenkinsServer:8080 -i /my/key/id_rsa help

I get:

Neither -s nor the JENKINS_URL env var is specified.
Jenkins CLI
Usage: java -jar jenkins-cli.jar [-s URL] command [opts...] args...
Options:
-s URL       : the server URL (defaults to the JENKINS_URL env var)
-i KEY       : SSH private key file used for authentication
-p HOST:PORT : HTTP proxy host and port for HTTPS proxy tunneling. See http://jenkins-ci.org/https-proxy-tunnel
-noCertificateCheck : bypass HTTPS certificate check entirely. Use with caution
-noKeyAuth   : dont try to load the SSH authentication private key. Conflicts with -i

The available commands depend on the server. Run the help command to
see the list.

So I figure I'll play, and set the env variable even though the -s was in there plain as day.  So I do:

export JENKINS_URL='http://my.JenkinsServer:8080
java -cp /my/path/to/jar/jenkins-cli.jar -jar /my/path/to/jar/jenkins-cli.jar -i /my/key/id_rsa help

I get:


Exception in thread "main" java.io.IOException: Failed to connect to http://my.JenkinsServer:8080/
        at hudson.cli.CLI.getCliTcpPort(CLI.java:271)
        at hudson.cli.CLI.<init>(CLI.java:126)
        at hudson.cli.CLIConnectionFactory.connect(CLIConnectionFactory.java:72)
        at hudson.cli.CLI._main(CLI.java:471)
        at hudson.cli.CLI.main(CLI.java:387)
Caused by: java.net.UnknownHostException: my.JenkinsServer
        at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:175)
        at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:384)
        at java.net.Socket.connect(Socket.java:543)
        at java.net.Socket.connect(Socket.java:492)
        at sun.net.NetworkClient.doConnect(NetworkClient.java:178)
        at sun.net.www.http.HttpClient.openServer(HttpClient.java:417)
        at sun.net.www.http.HttpClient.openServer(HttpClient.java:519)
        at sun.net.www.http.HttpClient.<init>(HttpClient.java:203)
        at sun.net.www.http.HttpClient.New(HttpClient.java:296)
        at sun.net.www.http.HttpClient.New(HttpClient.java:315)
        at sun.net.www.protocol.http.HttpURLConnection.getNewHttpClient(HttpURLConnection.java:1004)
        at sun.net.www.protocol.http.HttpURLConnection.plainConnect(HttpURLConnection.java:940)
        at sun.net.www.protocol.http.HttpURLConnection.connect(HttpURLConnection.java:858)
        at hudson.cli.CLI.getCliTcpPort(CLI.java:269)
        ... 4 more

A week ago I had no issues whatsoever.  Both of these servers were patched since then.  Both servers are RHEL 6.10.  Jenkins version 2.176.1.  Any ideas of what my sudden issue could be or where to start trouble shooting this?

Thanks,
Eric

Eric Fetzer

unread,
Jun 25, 2019, 10:17:53 AM6/25/19
to Jenkins Users
I can figure out why I can't connect on port 8080.  Just need to figure out why all-of-a-sudden, he doesn't understand the -s.

Thanks,
Eric

Eric Fetzer

unread,
Jun 25, 2019, 10:28:43 AM6/25/19
to Jenkins Users
OK, fixed the typo in my export statement and the actual error I'm getting is:

Exception in thread "main" java.io.EOFException
        at java.io.DataInputStream.readFully(DataInputStream.java:197)
        at java.io.DataInputStream.readUTF(DataInputStream.java:609)
        at java.io.DataInputStream.readUTF(DataInputStream.java:564)
        at hudson.cli.CLI.connectViaCliPort(CLI.java:230)
        at hudson.cli.CLI.<init>(CLI.java:126)
        at hudson.cli.CLIConnectionFactory.connect(CLIConnectionFactory.java:72)
        at hudson.cli.CLI._main(CLI.java:471)
        at hudson.cli.CLI.main(CLI.java:387)

The -s is definitely an issue but I could work around it with an export in my script.  Sorry for the misinformation in my original post!

Thanks,
Eric

On Tuesday, June 25, 2019 at 8:12:58 AM UTC-6, Eric Fetzer wrote:

Eric Fetzer

unread,
Jun 25, 2019, 10:46:30 AM6/25/19
to Jenkins Users
Looks like this issue was fixed with Jenkins 1.424:

java.io.EOFException

$ java -jar jenkins-cli.jar -s YOUR_SERVER_URL login
Exception in thread "main" java.io.EOFException
    at java.io.DataInputStream.readBoolean(DataInputStream.java:227)
    at hudson.cli.Connection.readBoolean(Connection.java:90)
    at hudson.cli.CLI.authenticate(CLI.java:360)
    at hudson.cli.CLI._main(CLI.java:255)
    at hudson.cli.CLI.main(CLI.java:199)

If on the server side you have such logs (perhaps with another security manager)

INFO: Accepted connection #54 from /88.171.115.235:60876
Exception in thread "Thread-3518" java.lang.UnsupportedOperationException: Not giving you the password
    at com.atlassian.crowd.integration.acegi.user.CrowdUserDetails.getPassword(CrowdUserDetails.java:52)
    at hudson.model.User.impersonate(User.java:250)
    at org.jenkinsci.main.modules.cli.auth.ssh.SshCliAuthenticator.authenticate(SshCliAuthenticator.java:44)
    at hudson.cli.CliManagerImpl$1.run(CliManagerImpl.java:99)

This issues was fixed in Jenkins 1.424


Yet I'm getting it on version 2.176.1.

Thanks,
Eric 

On Tuesday, June 25, 2019 at 8:12:58 AM UTC-6, Eric Fetzer wrote:

Eric Fetzer

unread,
Jun 25, 2019, 11:21:48 AM6/25/19
to Jenkins Users
OK, I think I've been getting lucky for years.  It appears I'm supposed to be updating jenkins-cli.jar as jenkins is updated (happening from yum update all, but it's not me doing it so I don't think about it).  Updating the jenkins client, I'll respond how that worked in a bit.  Thanks!


On Tuesday, June 25, 2019 at 8:12:58 AM UTC-6, Eric Fetzer wrote:

Eric Fetzer

unread,
Jun 25, 2019, 11:27:31 AM6/25/19
to Jenkins Users
OK, that was a flop.  I downloaded the correct jenkins-cli.jar from : http://myJenkinsServer:8080/jnlpJars/jenkins-cli.jar, and now I get:

Exception in thread "main" java.lang.UnsupportedClassVersionError: hudson/cli/CLI : Unsupported major.minor version 52.0
        at java.lang.ClassLoader.defineClass1(Native Method)
        at java.lang.ClassLoader.defineClass(ClassLoader.java:648)
        at java.security.SecureClassLoader.defineClass(SecureClassLoader.java:142)
        at java.net.URLClassLoader.defineClass(URLClassLoader.java:272)
        at java.net.URLClassLoader.access$000(URLClassLoader.java:68)
        at java.net.URLClassLoader$1.run(URLClassLoader.java:207)
        at java.net.URLClassLoader$1.run(URLClassLoader.java:201)
        at java.security.AccessController.doPrivileged(Native Method)
        at java.net.URLClassLoader.findClass(URLClassLoader.java:200)
        at java.lang.ClassLoader.loadClass(ClassLoader.java:325)
        at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:296)
        at java.lang.ClassLoader.loadClass(ClassLoader.java:270)
        at sun.launcher.LauncherHelper.checkAndLoadMain(LauncherHelper.java:406)

On Tuesday, June 25, 2019 at 8:12:58 AM UTC-6, Eric Fetzer wrote:

Eric Pyle

unread,
Jun 25, 2019, 11:33:37 AM6/25/19
to jenkins...@googlegroups.com
It's telling you the Java version is not correct. What version of Java are you using? Needs to be 1.8 for current Jenkins.
--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-use...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/6eef6538-ad55-49e9-8ae0-ed2c727509de%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

-- 
Eric Pyle
Siemens PLM Software
Lebanon, NH
+1 603-277-3060
eric...@siemens.com
http://www.siemens.com/plm

Eric Fetzer

unread,
Jun 25, 2019, 11:52:24 AM6/25/19
to Jenkins Users
Thanks Eric!  I updated my java version to 1.8 and it appears my command line has changed since the version of java-cli.jar I was using.  the -i doesn't work together with the -s without a -ssh and the -ssh needs a -user, lol.  But once I put all those together, I get:

java -cp /my/path/to/jar/jenkins-cli.jar -s http://myJenkinsServer:8080  -ssh -user jenkins -i /my/key/.ssh/id_rsa help

Jun 25, 2019 9:48:19 AM org.apache.sshd.common.util.security.AbstractSecurityProviderRegistrar getOrCreateProvider
INFO: getOrCreateProvider(EdDSA) created instance of net.i2p.crypto.eddsa.EdDSASecurityProvider
Jun 25, 2019 9:48:19 AM hudson.cli.SSHCLI sshConnection
WARNING: No header 'X-SSH-Endpoint' returned by Jenkins

I don't think this is a success as it didn't return help to me.

To unsubscribe from this group and stop receiving emails from it, send an email to jenkins...@googlegroups.com.

Eric Pyle

unread,
Jun 27, 2019, 12:14:06 PM6/27/19
to Eric Fetzer, Eric Pyle, jenkins...@googlegroups.com
I don't think that will help. The CLI changed in a recent release, and even without the reverse proxy you have to change how you use it. Did you have a look at the "Common Problems with the CLI client" in the docs? Remember that the username you are passing with -user is a Jenkins user id, not a Linux username. Have you added the public key for that user to Jenkins as shown in the doc?

One other thing: You are using "java -cp /path/to/cli.jar", while all the examples in the help show "java -jar /path/to/cli.jar". Might be worth trying. In any case, I ended up switching to the direct ssh method I showed in my shell script, and it's been working for me.

Good luck!
Eric

On 6/27/2019 10:17 AM, Eric Fetzer wrote:
Hi Eric, thanks for the reply.  I'm not using a reverse proxy on my Jenkins server.  It's pretty much out of the box.  I've been using the jenkins-cli.jar file for about 6 years.  I just recently upgraded it and it stopped working.  Before, I was able to connect with just the -s and the -i.  Not sure why with the new version -i needs the ssh option.  Maybe I should just call straight to the jenkins-cli.jar on the server to bypass jenkins remote security functionality?

Thanks,
Eric


On Tue, Jun 25, 2019 at 11:10 AM Eric Pyle <eric...@cd-adapco.com> wrote:
Have a look at the docs: https://jenkins.io/doc/book/managing/cli/ .  As stated there, if you are using a reverse proxy on your Jenkins server, it won't work using the jenkins-cli.jar as you are. You can try using the property -Dorg.jenkinsci.main.modules.sshd.SSHD.hostName on Jenkins startup, but that didn't work for our installation. I ended up switching to accessing CLI via the ssh command, as documented under "Using the CLI over SSH". Here's a little shell script I set up to access CLI from a bash prompt:

$ cat bin/jenkins
if [ $# == 0 ]; then DEF_ARG=help;fi
port=`curl -Lv ${JENKINS_URL}/login 2>&1 | grep -i 'x-ssh-endpoint'|grep -oE '([0-9]+)'`
ssh -p $port starci $@ $DEF_ARG
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-use...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/f225f651-4f68-4f1c-81fd-bd0705305414%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

-- 
Eric Pyle
Siemens PLM Software
Lebanon, NH
+1 603-277-3060
eric...@siemens.com
http://www.siemens.com/plm
Reply all
Reply to author
Forward
0 new messages