Jenkins EC2 Plugin Script Approval - amazon-web-services

I just updated my Jenkins from 2.79 to 2.86.
It seems to add new security fixes, but it broke the EC2 Plugin.
Indeed, now every time the plugin is trying to launch a slave agent, I get an error:
"Launching agent" "ERROR: script not yet approved for use"
But the script to be approved via the Script Approval page is dynamic, containing temporary information.
Did someone find how to solve the issue?
Thank you
EDIT:
I partially found a fix by unchecking the Connect by SSH Process in the EC2 configuration

Turn on sandbox mode. Whole-script-approval mode really should not be used any more.
While used in a script, nothing else: only checkout, load the script and function call.
Refer to this.

I also downgraded to 2.84 as I could not figure out how to enable sandbox mode.
Created new JIRA with Jenkins team.
https://issues.jenkins-ci.org/browse/JENKINS-47979

We were having the same issue while launching the slave agent via the SSH client process. As we were not able to quickly solve this, we've decided to downgrade Jenkins to version 2.84.

Go to Manage Jenkins,
go to In-process Script Approval,
approve pending scripts,
and then launch the agent.

Related

How to get notified when droplet reboots and when droplet finishes boot?

I found this answer https://stackoverflow.com/a/35456310/80353 and it recommends either API or using user_data which actually is cloud-init underneath.
I can think of several ways to possibly get notified that a server is up:
detect droplet status via API
I notice that the status never changes during reboot so I guess this is out.
using DigitalOcean native monitoring agent
The monitoring agent seems to only cover resource utilisation. No alert when the server is being rebooted or finishes booting up
using cloud-init
This answer https://stackoverflow.com/a/35456310/80353 I mentioned earlier uses wget to send signals out. I can possibly use wget for every time the droplet finishes booting up using bootcmd in cloud-init. But not for reboot.
There's also the issue of how to ensure the wget request from the right DigitalOcean droplet can correctly identify itself to my server.
Any advice on how to accomplish getting notifications at my server whenever a droplet reboots or finishes booting up?
cloud-init
bootcmd actually runs every time. Check out the module frequency key in the docs
Another module you might consider for this is phone home.
Systemd
Since the OP is looking for notifications on shutdown/reboot as well, cloud-init is probably not the best for a single solution since it handles boot/init primarily. Assuming systemd:
This post discusses setting up a service to run on shutdown.
This post discusses setting up a service to run on startup.
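For the identification problem raised in the question (how the receiving server knows a phone-home request really came from the droplet it names), here is a server-side check as an added example; it is not code from either post. It assumes cloud-init's phone_home module posts a form-encoded body with instance_id and hostname, that the cloud-init instance id on DigitalOcean is the numeric droplet id, and that the receiver can fetch the droplet's record from the DigitalOcean API (a constructed record stands in for that here).

```python
from urllib.parse import parse_qs

# Cloud-config that makes the droplet phone home once cloud-init finishes.
# phone_home runs once per instance by default; a [phone_home, always]
# frequency entry in the cloud-init module config makes it run every boot.
# (Assumed keys: url, post, tries, as documented for the phone_home module.)
USER_DATA = """#cloud-config
phone_home:
  url: https://notify.example.com/boot
  post: [instance_id, hostname]
  tries: 5
"""

# Constructed stand-in for the API's GET /v2/droplets/{id} response.
DROPLET_RECORD = {
    "droplet": {
        "id": 12345,
        "status": "active",
        "networks": {"v4": [
            {"ip_address": "10.0.0.5", "type": "private"},
            {"ip_address": "203.0.113.10", "type": "public"},
        ]},
    }
}

def public_ips(record):
    """Public IPv4 addresses the API reports for the droplet."""
    return {n["ip_address"] for n in record["droplet"]["networks"]["v4"]
            if n["type"] == "public"}

def verify_phone_home(remote_addr, body, lookup):
    """Decide whether a phone_home POST really came from the droplet it names.

    remote_addr: source IP of the HTTP request
    body: form-encoded request body as sent by cloud-init (assumed format)
    lookup: callable droplet_id -> API record, or None if no such droplet
    """
    fields = parse_qs(body)
    instance_id = fields.get("instance_id", [""])[0]
    if not instance_id.isdigit():
        return False                      # DigitalOcean droplet ids are numeric
    record = lookup(int(instance_id))
    if record is None:
        return False                      # unknown or already deleted droplet
    # Accept the claim only if the request's source address is one of the
    # public addresses the API reports for that droplet.
    return remote_addr in public_ips(record)

def lookup_constructed(droplet_id):
    """Hypothetical lookup backed by the constructed record above."""
    return DROPLET_RECORD if droplet_id == DROPLET_RECORD["droplet"]["id"] else None
```

Behind a reverse proxy, pass the original client address rather than the proxy's. This binds the notification to the droplet's address, not to cloud-init itself, so serve the endpoint over TLS and add a per-droplet secret in the user-data if you need a stronger binding.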

Not able to bring AWS environment to healthy state in any way. It says: "Environment named is in an invalid state for this operation. Must be Ready"

Not able to bring AWS environment to healthy state in any way. It says: "Environment named is in an invalid state for this operation. Must be Ready."
I am not able to restart the application, rebuild environment, or clone environment. On every operation I get the same message. I am STUCK on this.
The issue started with a deprecated platform. But it is not allowing me to upgrade the platform either.
Current platform version is 2.11.8 and recommended is 2.11.9. But while changing it, I also get the same state issue.
I encountered the same issue. I opened up ec2 in aws console then chose the proper ec2 instance associated with the elb deployment, stopped it then started it. And this solved the issue.

Automate an RDP connection right after Windows instance turns on in GCP

I am performing some UI Automation on GCP using a Windows Server.
The process is as follows:
=> Machine Switches on at a defined time
=> RDP Connection to Machine
=> UI Interaction Script Runs on Startup
=> Process Ends
=> Machine Switches off at a defined time
All the components have been fulfilled except for automating the RDP connection in some way or other. I referred to this link but didn't find much insight or documentation.
Does anyone know a way to automate an RDP connection right after an instance turns on in GCP?
There is a Windows application called IAP Desktop; using that you can manage multiple Remote Desktop connections to Windows VMs. While connecting to the VM you can save the credentials, which will allow you to access the Windows VM using RDP right after boot.
Also, to automate the Windows password generation, here is the documentation related to 1; inside that document both options are available, automated or manual.
How are you deploying your startup script?
During the boot sequence, a script will either run before, after or during the boot process. By declaring Windows-specific metadata keys, you can run startup scripts after the instance turns on.
If that doesn't work, there is a paid Cloud Automation service that sounds like it will meet your requirements.
Tried using startup-scripts but no luck. IAP Desktop didn't work due to scheduling as well. Finally managed to solve it by using the Windows 10 auto-login settings. This skips the login screen, and the best part was that, out of all the users, it allows you to log in via the user of your choice. After I log in to the system, I added a startup .bat file by running shell:startup, and it worked great.

AWS EC2 instance Login failure

I am getting below error when trying to login into my AWS EC2 instance. Last login was around 2 weeks back and everything was working fine so the password I am using is correct. No other information is available on the error message.
Is there a way I can see any logs through management console ?
Appreciate any help on this.
Remote Desktop Connection
An authentication error has occurred. The function requested is not supported
It seems like you are facing this issue.
Bottom line, this is caused by a Microsoft security patch. The Microsoft security patch issued on Tuesday, May 8th 2018 triggered the problem by setting and requiring remote connections at the highest level.
Simply adjust the Remote Desktop settings on the host machine to a lower security level. From File Explorer, choose Computer, right-click and select Properties, then click Change Settings, and go to the Remote tab.
From Windows 10, uncheck the option to “Allow connections only from computers running Remote Desktop with Network Level Authentication (recommended)”
From Windows 7, it’s setting the option to the Less Secure option rather than More Secure
Once these are set, users can remote to the machine again.
If you don't have any other way into the machine except Remote Desktop, I'm afraid the machine is lost.
For anyone facing this issue. Below is response from AWS technical support team:
Looking at the error message you posted, this is due to a recent patch (KB4103727) that Microsoft has released to fix a vulnerability. It is a mandatory requirement from Microsoft that both the client machine (the computer from which you are trying to RDP into your instances) and the remote server (your EC2 instance) have the latest updates installed. If one of these machines has the latest updates installed and the other does not, the RDP connection will fail.
Note: If you see your Windows is up to date and you do not see the KB4103727 installed, it could be a different KB article which applied the KB4103727 as a cumulative update. If this is the case, please uninstall all KBs that were installed recently before the RDP connection was broken.
For more information about this hotfix, please refer to the Microsoft documentation below:
https://blogs.technet.microsoft.com/yongrhee/2018/05/09/after-may-2018-security-update-rdp-an-authentication-error-occurred-this-could-be-due-to-credssp-encryption-oracle-remediation/
https://support.microsoft.com/en-us/help/4093492/credssp-updates-for-cve-2018-0886-march-13-2018
There are multiple workarounds for this issue:
Option 1: If the update is installed on your client (workstation) and is not installed on your EC2 instance.
Uninstall KB4103727 from your client machine. After you uninstall the KB and gain RDP access to the EC2 instance, you can patch the instance with latest updates first and then update your client machine with the KB by running Windows Update again.
Alternately, you can keep your client machine updated and you can install latest Windows updates on your EC2 instance remotely using SSM Run Command. For detailed instructions on how to configure your instance to use SSM Run Command, please refer to the below documentation:
SSM Prerequisites: https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-prereqs.html
Run Command Tutorial: https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/tutorial_run_command.html#rc-tutorial-ui
After you configure your instance to use SSM Run Command, you can execute the Run Command document "AWS-InstallWindowsUpdates" remotely on your instance.
Option 2: If the KB is installed on your EC2 instance and is not installed on your client machine
Run Windows Update on your client machine and install latest software updates. Once the latest updates are installed on both your instance and the client machine, you should be able to RDP into the instance.
Alternately, if you have a backup AMI or an EBS snapshot created before the patch was installed on your EC2 instance, you may consider restoring your instance from the backup to roll back the installed software updates.
Option 3: There is a workaround suggested by third party websites to disable the check altogether on the unpatched Windows machine and RDP should work normally. On the unpatched machine, open a command prompt with Administrator privileges and run the command mentioned below:
reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters" /f /v AllowEncryptionOracle /t REG_DWORD /d 2
Please note, you may have to reboot your Windows machine for the changes to take effect after you install/uninstall the KB.
So, finally I had to uninstall the mentioned update from the client machine (using which I was trying to connect to the AWS instance), which allowed me to connect to the instance. Once connected, I updated the instance with Windows updates and rebooted it, which resolved the issue.

Hudson build fails when a user logs out of RDP session

We are using Hudson to build mixed C++/Java projects with an Ant script. It is running in Tomcat 6, on a Win XP virtual machine.
I have noticed recently that when a user logs off the machine (from a remote desktop session), builds that are currently running tend to suddenly fail without an error message.
Has anyone encountered anything similar or have an idea what might be causing this effect? I can post additional information about our setup if needed, I'm just not sure what's relevant in this case.
EDIT: I have tried running the Tomcat service under various users, but this doesn't seem to help. Tried the standard Local System account, as well as the server Administrator and a domain administrator account.
Try adding -Xrs to the Tomcat JVM arguments.
For more information see this bug.