hello world gocd in kubernetes deployed via official helm not working because of SSL
127 views
Skip to first unread message
HUSSEIN KADIRI
May 4, 2021, 11:11:46 AM5/4/21
to go-cd
Hi, i'm a gocd newbie and having an issue getting the hello world gocd in kubernetes to work.
The issue when i start a build using elastic agent, the new agent can't connect to the server.
Because the gocd server url is http://gocd-server:8153/go but it needs to be https.
Log snippet:
[Mon May 03 21:47:02 GMT 2021] Starting process:
[Mon May 03 21:47:02 GMT 2021] Working directory : /go
[Mon May 03 21:47:02 GMT 2021] Application arguments: [-serverUrl, http://gocd-server:8153/go]
[Mon May 03 21:47:02 GMT 2021] GoCD Version: 18.3.0-6540
...
-serverUrl must be an HTTPS url and must begin with https://
Usage: java -jar agent-bootstrapper.jar [options]
Options:
-help
Print this help
-rootCertFile
The root certificate from the certificate chain of the GoCD server (in
PEM format)
-serverUrl
The GoCD server URL. Must begin with https://, and end with /go
-sslVerificationMode
Tracing it back to the helm chart, that is coming from https://github.com/gocd/helm-chart/blob/master/gocd/templates/gocd-agent-deployment.yaml#L78
The tutorial seems to suggest simple helm install the chart and everything should work.
But it doesn't look that's the case.
Because the gocd server url is http://gocd-server:8153/go but it needs to be https.
Log snippet:
[Mon May 03 21:47:02 GMT 2021] Starting process:
[Mon May 03 21:47:02 GMT 2021] Working directory : /go
[Mon May 03 21:47:02 GMT 2021] Application arguments: [-serverUrl, http://gocd-server:8153/go]
[Mon May 03 21:47:02 GMT 2021] GoCD Version: 18.3.0-6540
...
-serverUrl must be an HTTPS url and must begin with https://
Usage: java -jar agent-bootstrapper.jar [options]
Options:
-help
Print this help
-rootCertFile
The root certificate from the certificate chain of the GoCD server (in
PEM format)
-serverUrl
The GoCD server URL. Must begin with https://, and end with /go
-sslVerificationMode
Tracing it back to the helm chart, that is coming from https://github.com/gocd/helm-chart/blob/master/gocd/templates/gocd-agent-deployment.yaml#L78
The tutorial seems to suggest simple helm install the chart and everything should work.
But it doesn't look that's the case.
I'm curios how folks for the helm chart working. and what setup (minikube, docker desktop, KinD, GKE, etc) they used. Did you have to do anything extra to get the cluster working?
A user created an issue on the SSL https://github.com/gocd/helm-chart/issues/12 but there's been no action on it.
I've tried with minikube but the build fails because minikube can't handle external DNS resolution. In this case fails when it tries to resolve github.com
I've tried with minikube but the build fails because minikube can't handle external DNS resolution. In this case fails when it tries to resolve github.com
varshasva...@gmail.com
May 4, 2021, 2:58:47 PM5/4/21
to go-cd
Hello,
GoCD made changes to the agent server communication in version 20.2.0. On GoCD v18.3.0, agents connect to the gocd server on https://gocd-server:8154/go. There are two ways you can work around this:
1. Use an old helm chart version to match the application version v18.3.0. You can find the chart versions corresponding application versions on https://helm.sh. This would mean that you won't get the helm chart bug fixes etc that have been made since the old helm chart version
2. Specify the GO_SERVER_URL environment variable as https://gocd-server:8154/go in values.yaml while installing the helm chart. It's under agent.env in values.yaml
Cheers
GoCD made changes to the agent server communication in version 20.2.0. On GoCD v18.3.0, agents connect to the gocd server on https://gocd-server:8154/go. There are two ways you can work around this:
1. Use an old helm chart version to match the application version v18.3.0. You can find the chart versions corresponding application versions on https://helm.sh. This would mean that you won't get the helm chart bug fixes etc that have been made since the old helm chart version
2. Specify the GO_SERVER_URL environment variable as https://gocd-server:8154/go in values.yaml while installing the helm chart. It's under agent.env in values.yaml
Cheers
HUSSEIN KADIRI
May 4, 2021, 6:14:19 PM5/4/21
to go...@googlegroups.com
Thanks for the response. I did (2) but it was complaining about SSL cert. Not on my computer so I don't have the code snippet
--
You received this message because you are subscribed to a topic in the Google Groups "go-cd" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/go-cd/S_vsNT85U_U/unsubscribe.
To unsubscribe from this group and all its topics, send an email to go-cd+un...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/go-cd/1fc7c4b1-f28b-4f89-ba63-50aa5f5cb11bn%40googlegroups.com.
HUSSEIN KADIRI
May 4, 2021, 6:15:50 PM5/4/21
to go...@googlegroups.com
There needs to be a valid ssl cert that matches that hostname. The error was because there wasn't . Something like that
HUSSEIN KADIRI
May 4, 2021, 7:27:43 PM5/4/21
to go-cd
port 8154 doesn't seem to be valid. 8153 is. port 8154 was removed last year. See commit
Here is the SSL error:
Could not find file `config/agent-bootstrapper-logback.xml'. Attempting to load from classpath.
Using classpath resource `jar:onejar:lib/agent-bootstrapper-18.3.0-6540-classes.jar!/config/agent-bootstrapper-logback.xml'.
2021-05-04 23:19:48,508 INFO [main] DefaultAgentLauncherCreatorImpl:67 - Attempting to load com.thoughtworks.go.agent.launcher.AgentLauncherImpl as specified by manifest key Go-Agent-Launcher-Class
2021-05-04 23:19:48,521 INFO [main] ParentClassAccessFilteringClassloader:44 - Loading com.thoughtworks.cruise.agent.common.launcher.AgentLauncher using java.net.URLClassLoader
SLF4J: Class path contains multiple SLF4J bindings.
SLF4J: Found binding in [jar:onejar:lib/logback-classic-1.2.3.jar!/org/slf4j/impl/StaticLoggerBinder.class]
SLF4J: Found binding in [jar:file:/go/data/deps-39607e32d0b20856-agent-launcher.jar/logback-classic-1.2.3.jar!/org/slf4j/impl/StaticLoggerBinder.class]
SLF4J: See http://www.slf4j.org/codes.html#multiple_bindings for an explanation.
SLF4J: Actual binding is of type [ch.qos.logback.classic.util.ContextSelectorStaticBinder]
2021-05-04 23:19:48,555 INFO [main] AgentBootstrapper:77 - Attempting create and start launcher...
2021-05-04 23:19:48,560 INFO [main] ParentClassAccessFilteringClassloader:44 - Loading com.thoughtworks.cruise.agent.common.launcher.AgentLaunchDescriptor using java.net.URLClassLoader
Could not find file `config/agent-launcher-logback.xml'. Attempting to load from classpath.
Using classpath resource `jar:file:/go/data/deps-39607e32d0b20856-agent-launcher.jar/agent-launcher-18.3.0-6540-classes.jar!/config/agent-launcher-logback.xml'.
2021-05-04 23:19:48,637 INFO [TouchLoopThread-1] Lockfile:102 - Using lock file: /go/.agent-bootstrapper.running
2021-05-04 23:19:48,924 ERROR [main] ServerBinaryDownloader:80 - Couldn't update admin/agent-launcher.jar. Sleeping for 1m. Error:
javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
at sun.security.ssl.InputRecord.handleUnknownRecord(InputRecord.java:710)
I'm curios how folks have been using setting up gocd. The helm chart does not work right off the bat. Maybe folks use something else?
Would try to downgrade to GoCD v18.3.0.
$ kubectl get services -n gocd
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
gocd-server NodePort 10.106.200.15 <none> 8153:32125/TCP 2d1h
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
gocd-server NodePort 10.106.200.15 <none> 8153:32125/TCP 2d1h
Here is the SSL error:
Could not find file `config/agent-bootstrapper-logback.xml'. Attempting to load from classpath.
Using classpath resource `jar:onejar:lib/agent-bootstrapper-18.3.0-6540-classes.jar!/config/agent-bootstrapper-logback.xml'.
2021-05-04 23:19:48,508 INFO [main] DefaultAgentLauncherCreatorImpl:67 - Attempting to load com.thoughtworks.go.agent.launcher.AgentLauncherImpl as specified by manifest key Go-Agent-Launcher-Class
2021-05-04 23:19:48,521 INFO [main] ParentClassAccessFilteringClassloader:44 - Loading com.thoughtworks.cruise.agent.common.launcher.AgentLauncher using java.net.URLClassLoader
SLF4J: Class path contains multiple SLF4J bindings.
SLF4J: Found binding in [jar:onejar:lib/logback-classic-1.2.3.jar!/org/slf4j/impl/StaticLoggerBinder.class]
SLF4J: Found binding in [jar:file:/go/data/deps-39607e32d0b20856-agent-launcher.jar/logback-classic-1.2.3.jar!/org/slf4j/impl/StaticLoggerBinder.class]
SLF4J: See http://www.slf4j.org/codes.html#multiple_bindings for an explanation.
SLF4J: Actual binding is of type [ch.qos.logback.classic.util.ContextSelectorStaticBinder]
2021-05-04 23:19:48,555 INFO [main] AgentBootstrapper:77 - Attempting create and start launcher...
2021-05-04 23:19:48,560 INFO [main] ParentClassAccessFilteringClassloader:44 - Loading com.thoughtworks.cruise.agent.common.launcher.AgentLaunchDescriptor using java.net.URLClassLoader
Could not find file `config/agent-launcher-logback.xml'. Attempting to load from classpath.
Using classpath resource `jar:file:/go/data/deps-39607e32d0b20856-agent-launcher.jar/agent-launcher-18.3.0-6540-classes.jar!/config/agent-launcher-logback.xml'.
2021-05-04 23:19:48,637 INFO [TouchLoopThread-1] Lockfile:102 - Using lock file: /go/.agent-bootstrapper.running
2021-05-04 23:19:48,924 ERROR [main] ServerBinaryDownloader:80 - Couldn't update admin/agent-launcher.jar. Sleeping for 1m. Error:
javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
at sun.security.ssl.InputRecord.handleUnknownRecord(InputRecord.java:710)
I'm curios how folks have been using setting up gocd. The helm chart does not work right off the bat. Maybe folks use something else?
Would try to downgrade to GoCD v18.3.0.
HUSSEIN KADIRI
May 4, 2021, 10:52:02 PM5/4/21
to go...@googlegroups.com
Figured it out. The doc is using an old image. See https://github.com/gocd/gocd/issues/9279 for details
To view this discussion on the web visit https://groups.google.com/d/msgid/go-cd/88744c6e-e706-440d-ae3c-96f239ce3562n%40googlegroups.com.
Hussein Kadiri
Reply all
Reply to author
Forward
0 new messages