如何修复连接到 jenkins windows 从属服务器时出现的错误

如何修复连接到 jenkins windows 从属服务器时出现的错误

将 Windows 节点连接到 Jenkins 时出现以下错误。

JNLP 错误截图

因此,我尝试使用 jar 文件而不是 jnlp 运行,但出现以下错误。

--

SEVERE: [JNLP4-connect connection to ip-172-31-6-4.us-west-2.compute.internal/172.31.6.4:50000]
javax.net.ssl.SSLHandshakeException: Public key of the first certificate in chain (subject: C=US, OU=jenkins.io, O=instances, CN=827c06b22d279dbb388d12b70ddaf0c6) is not in the list of trusted keys
        at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131)
        at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:321)
        at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:264)
        at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:259)
        at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:642)
        at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.onCertificate(CertificateMessage.java:461)
        at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.consume(CertificateMessage.java:361)
        at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:392)
        at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:448)
        at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1065)
        at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1052)
        at java.base/java.security.AccessController.doPrivileged(Native Method)
        at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:999)
        at org.jenkinsci.remoting.protocol.impl.SSLEngineFilterLayer.processRead(SSLEngineFilterLayer.java:382)
        at org.jenkinsci.remoting.protocol.impl.SSLEngineFilterLayer.onRecv(SSLEngineFilterLayer.java:117)
        at org.jenkinsci.remoting.protocol.ProtocolStack$Ptr.onRecv(ProtocolStack.java:668)
        at org.jenkinsci.remoting.protocol.impl.AckFilterLayer.onRecv(AckFilterLayer.java:258)
        at org.jenkinsci.remoting.protocol.ProtocolStack$Ptr.onRecv(ProtocolStack.java:668)
        at org.jenkinsci.remoting.protocol.NetworkLayer.onRead(NetworkLayer.java:136)
        at org.jenkinsci.remoting.protocol.impl.BIONetworkLayer.access$2200(BIONetworkLayer.java:48)
        at org.jenkinsci.remoting.protocol.impl.BIONetworkLayer$Reader.run(BIONetworkLayer.java:283)
        at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
        at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
        at hudson.remoting.Engine$1.lambda$newThread$0(Engine.java:118)
        at java.base/java.lang.Thread.run(Thread.java:834)
Caused by: java.security.cert.CertificateException: Public key of the first certificate in chain (subject: C=US, OU=jenkins.io, O=instances, CN=827c06b22d279dbb388d12b70ddaf0c6) is not in the list of trusted keys
        at org.jenkinsci.remoting.protocol.cert.PublicKeyMatchingX509ExtendedTrustManager.checkPublicKey(PublicKeyMatchingX509ExtendedTrustManager.java:219)
        at org.jenkinsci.remoting.protocol.cert.PublicKeyMatchingX509ExtendedTrustManager.checkServerTrusted(PublicKeyMatchingX509ExtendedTrustManager.java:265)
        at org.jenkinsci.remoting.protocol.cert.DelegatingX509ExtendedTrustManager.checkServerTrusted(DelegatingX509ExtendedTrustManager.java:148)
        at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:620)
        ... 20 more

Feb 19, 2021 5:58:43 PM hudson.remoting.jnlp.Main$CuiListener status
INFO: Protocol JNLP4-connect encountered an unexpected exception
java.util.concurrent.ExecutionException: javax.net.ssl.SSLHandshakeException: Public key of the first certificate in chain (subject: C=US, OU=jenkins.io, O=instances, CN=827c06b22d279dbb388d12b70ddaf0c6) is not in the list of trusted keys
        at org.jenkinsci.remoting.util.SettableFuture.get(SettableFuture.java:223)
        at hudson.remoting.Engine.innerRun(Engine.java:744)
        at hudson.remoting.Engine.run(Engine.java:519)
Caused by: javax.net.ssl.SSLHandshakeException: Public key of the first certificate in chain (subject: C=US, OU=jenkins.io, O=instances, CN=827c06b22d279dbb388d12b70ddaf0c6) is not in the list of trusted keys
        at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131)
        at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:321)
        at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:264)
        at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:259)
        at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:642)
        at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.onCertificate(CertificateMessage.java:461)
        at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.consume(CertificateMessage.java:361)
        at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:392)
        at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:448)
        at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1065)
        at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1052)
        at java.base/java.security.AccessController.doPrivileged(Native Method)
        at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:999)
        at org.jenkinsci.remoting.protocol.impl.SSLEngineFilterLayer.processRead(SSLEngineFilterLayer.java:382)
        at org.jenkinsci.remoting.protocol.impl.SSLEngineFilterLayer.onRecv(SSLEngineFilterLayer.java:117)
        at org.jenkinsci.remoting.protocol.ProtocolStack$Ptr.onRecv(ProtocolStack.java:668)
        at org.jenkinsci.remoting.protocol.impl.AckFilterLayer.onRecv(AckFilterLayer.java:258)
        at org.jenkinsci.remoting.protocol.ProtocolStack$Ptr.onRecv(ProtocolStack.java:668)
        at org.jenkinsci.remoting.protocol.NetworkLayer.onRead(NetworkLayer.java:136)
        at org.jenkinsci.remoting.protocol.impl.BIONetworkLayer.access$2200(BIONetworkLayer.java:48)
        at org.jenkinsci.remoting.protocol.impl.BIONetworkLayer$Reader.run(BIONetworkLayer.java:283)
        at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
        at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
        at hudson.remoting.Engine$1.lambda$newThread$0(Engine.java:118)
        at java.base/java.lang.Thread.run(Thread.java:834)
Caused by: java.security.cert.CertificateException: Public key of the first certificate in chain (subject: C=US, OU=jenkins.io, O=instances, CN=827c06b22d279dbb388d12b70ddaf0c6) is not in the list of trusted keys
        at org.jenkinsci.remoting.protocol.cert.PublicKeyMatchingX509ExtendedTrustManager.checkPublicKey(PublicKeyMatchingX509ExtendedTrustManager.java:219)
        at org.jenkinsci.remoting.protocol.cert.PublicKeyMatchingX509ExtendedTrustManager.checkServerTrusted(PublicKeyMatchingX509ExtendedTrustManager.java:265)
        at org.jenkinsci.remoting.protocol.cert.DelegatingX509ExtendedTrustManager.checkServerTrusted(DelegatingX509ExtendedTrustManager.java:148)
        at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:620)
        ... 20 more

Feb 19, 2021 5:58:43 PM hudson.remoting.jnlp.Main$CuiListener error
SEVERE: The server rejected the connection: None of the protocols were accepted
java.lang.Exception: The server rejected the connection: None of the protocols were accepted
        at hudson.remoting.Engine.onConnectionRejected(Engine.java:829)
        at hudson.remoting.Engine.innerRun(Engine.java:769)
        at hudson.remoting.Engine.run(Engine.java:519)

我尝试使用以下命令运行容器并且之前成功了,但现在出现了与 Windows 从属设备的连接问题。

docker run -d --name=buildjobs -p 8081:8080 -p 50001:50000 --env JAVA_OPTS="-Djava.awt.headless=true -Dmail.smtp.starttls.enable=true -Dmail.smtp.starttls.enable=true -Dhudson.tasks.MailSender.SEND_TO_UNKNOWN_USERS=true -Djava.util.logging.config.file=/var/jenkins_home/log.properties -Dhudson.model.DirectoryBrowserSupport.CSP='' -Dhudson.model.DownloadService.noSignatureCheck=true" --env JENKINS_OPTS="--requestHeaderSize=16384" --mount type=bind,sr
c=/home/ec2-user/buildjobs/data,dst=/var/jenkins_home jenkins/jenkins:lts

如果我在 jenkins 配置页面中将 TCP 端口更改为 50001,则会收到以下错误。

--

C:\Users\Administrator\Downloads>"C:\tools\jdk-11.0.3.7-hotspot\bin\java.exe" -jar agent.jar -jnlpUrl http://172.31.6.4:8081/computer/build-machine/slave-agent.jnlp -secret 4208e35c9cbd420f65954bbdfa5a10a3553129221f215b17d984f625ebfb307d -workDir "c:\mart"
Feb 19, 2021 6:05:49 PM org.jenkinsci.remoting.engine.WorkDirManager initializeWorkDir
INFO: Using c:\mart\remoting as a remoting work directory
Feb 19, 2021 6:05:49 PM org.jenkinsci.remoting.engine.WorkDirManager setupLogging
INFO: Both error and output logs will be printed to c:\mart\remoting
Feb 19, 2021 6:05:49 PM hudson.remoting.jnlp.Main createEngine
INFO: Setting up agent: build-machine
Feb 19, 2021 6:05:50 PM hudson.remoting.jnlp.Main$CuiListener <init>
INFO: Jenkins agent is running in headless mode.
Feb 19, 2021 6:05:50 PM hudson.remoting.Engine startEngine
INFO: Using Remoting version: 4.5
Feb 19, 2021 6:05:50 PM org.jenkinsci.remoting.engine.WorkDirManager initializeWorkDir
INFO: Using c:\mart\remoting as a remoting work directory
Feb 19, 2021 6:05:50 PM hudson.remoting.jnlp.Main$CuiListener status
INFO: Locating server among [http://172.31.6.4:8081/]
Feb 19, 2021 6:05:50 PM org.jenkinsci.remoting.engine.JnlpAgentEndpointResolver resolve
INFO: Remoting server accepts the following protocols: [Ping]
Feb 19, 2021 6:05:51 PM org.jenkinsci.remoting.engine.JnlpAgentEndpointResolver isPortVisible
WARNING: Connection refused: connect
Feb 19, 2021 6:05:51 PM hudson.remoting.jnlp.Main$CuiListener error
SEVERE: http://172.31.6.4:8081/ provided port:50001 is not reachable
java.io.IOException: http://172.31.6.4:8081/ provided port:50001 is not reachable
        at org.jenkinsci.remoting.engine.JnlpAgentEndpointResolver.resolve(JnlpAgentEndpointResolver.java:314)
        at hudson.remoting.Engine.innerRun(Engine.java:694)
        at hudson.remoting.Engine.run(Engine.java:519)

jnlp TCP 50000 的端口号使用 docker 重定向,-p 51001:50000 不起作用。因此,在 Jenkins 页面内将内部端口更改为 51001,并将重定向保留为 -p 51001:51001,然后它就可以正常工作了。

谁能建议更好的解决方案?

相关内容