Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[JENKINS-26580] Activate JNLP3 support #2010

Merged
merged 16 commits into from
Mar 9, 2016
Merged

[JENKINS-26580] Activate JNLP3 support #2010

merged 16 commits into from
Mar 9, 2016

Conversation

kohsuke
Copy link
Member

@kohsuke kohsuke commented Feb 2, 2016

JENKINS-26580

Follow up to jenkinsci/remoting#69 to activate JNLP3 support on the server side

akshayabd and others added 5 commits April 17, 2015 08:11
This way, the inner-working of the protocol can be kept private within
the remoting module, which increases a modularity.
Given that there's only one caller, I think handling AbstractMethodError
is better than doing the compatibility method ping pong
Conflicts:
	core/src/main/java/jenkins/slaves/JnlpAgentReceiver.java
	pom.xml
@kohsuke
Copy link
Member Author

kohsuke commented Feb 2, 2016

cc @akshayabd @oleg-nenashev @jglick

Merging this requires a corresponding remoting release

@@ -55,7 +57,16 @@
* @throws Exception
* Any exception thrown from this method will fatally terminate the connection.
*/
public abstract boolean handle(String name, JnlpSlaveHandshake handshake) throws IOException, InterruptedException;
public abstract boolean handle(String name, JnlpServerHandshake handshake) throws IOException, InterruptedException;
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It still breaks the binary compatibility, because external classes won't implement the new abstract method. Maybe NIT in the case of remoting

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

BTW the invocation below catches the AbstractMethodError

@oleg-nenashev
Copy link
Member

LGTM in general.

* @deprecated
* Use {@link #handle(String, JnlpServerHandshake)}
*/
public boolean handle(String name, JnlpSlaveHandshake handshake) throws IOException, InterruptedException {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Missing @Deprecated - given the javadoc.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

One or the other is sufficient.

@kohsuke
Copy link
Member Author

kohsuke commented Feb 2, 2016

My plane is about to leave so I can't check this now but does this code correctly call ChannelConfigurator

if (recv.handle(nodeName,this))
return;
} catch (AbstractMethodError e) {
if (recv.handle(nodeName,new JnlpSlaveHandshake(this)))
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks alarming. Why not just retain the original method signature, deprecate it, and delegate?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This was much shorter than the ping-pong and loop detection, plus it has the benefit of abstract method clearly marked as such.

@jglick
Copy link
Member

jglick commented Feb 7, 2016

does this code correctly call ChannelConfigurator

The fix of SECURITY-206 includes an assertion in JnlpAccessWithSecuredHudsonTest.testServiceUsingDirectSecret. If the agent and master automatically agree to use the v3 protocol, I suppose the existing test should cover this.

@jglick
Copy link
Member

jglick commented Feb 7, 2016

Could not resolve dependencies for project org.jenkins-ci.main:cli:jar:1.647-SNAPSHOT: Could not find artifact org.jenkins-ci.main:remoting:jar:2.54-SNAPSHOT in cloudbees-private-snapshot-repository

You need to deploy a snapshot of the library to have this PR be tested.

@jglick jglick changed the title Active JNLP3 support [JENKINS-26580] Activate JNLP3 support Feb 19, 2016
@kohsuke
Copy link
Member Author

kohsuke commented Feb 20, 2016

Wow, Jesse predicted the exact test case that fails!!

* @author Akshay Dayal
* @since 1.XXX
*/
@Extension
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Initial manual testing looks good - the JNLP node connects with JNLP3 protocol and I can build a project on the node.

I think more stress testing needs to be done before JNLP3 is made the default protocol. In this initial release JNLP3 should only be available if the user explicitly asks for it. There are 3 approaches:

Master-side control
1. Making master support JNLP3 through a flag
2. Making master support JNLP3 through UI option
Node-side control
3. Making node try JNLP3 first using flag

Option 1 can be done in "easy" ways I suppose, this class can check for a boolean system property, if its not set fail and let JNLP2 take over.
Option 2 is a lot of work and I would not favor it.
Option 3 is easy, but requires some extra work for users starting up nodes with JNLP3.

I'm ok with either option 1 or 3, prefer 1 slightly since I like controlling the behavior from the master side, not the node.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

OK, I'll ease this in by making this feature optional in the beginning for a while.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm going to spend some time dusting out the stress-test suites that we used before and run them for JNLP3. Will probably have to modify them a bit to have significant "work" being done for each build instead of just "sleep 5". Will let you know when I'm done.

JNLP3 is activated now for 10% of users. Let's keep it like this for a
while and if no major issue occurs we should expose it to everyone.
@kohsuke
Copy link
Member Author

kohsuke commented Mar 4, 2016

I discovered that the protocol doesn't gracefully handle a server that doesn't understand the protocol. Needs further tweak in remoting.

@kohsuke
Copy link
Member Author

kohsuke commented Mar 4, 2016

Can somebody help me understand why the PR validation build doesn't pick up http://repo.jenkins-ci.org/snapshots/org/jenkins-ci/main/remoting/2.56-SNAPSHOT/ ?

@kohsuke
Copy link
Member Author

kohsuke commented Mar 4, 2016

FWIW locally it passes all the tests.

@aheritier
Copy link
Member

@kohsuke https://repository-jenkins.forge.cloudbees.com/snapshot/org/jenkins-ci/main/remoting/ there is no 2.56-SNAPSHOT version here ....
Did you manually deployed it ?
I suppose you did and it was removed because Maven tries to get a version 2.56-20160304.223037-1 thus it must have this version in its local repository cache. The problem is that it doesn't use it because it isn't available in the remote repository. It is the crappy feature added in Maven 3.x and which always reports a stupid error message that doesn't explain the error cc @stephenc
Building with -U option (or repositories options in settings to always check snapshots) is safer/cleaner to enforce maven to try to get a new SNAPSHOt if available. It won't solve the issue that the SNAPSHOT was deleted in the remote. The problem can be bypassed (but it's crappy) and let maven use its local cached SNAPSHOT with the option

-llr,--legacy-local-repository         Use Maven 2 Legacy Local
                                        Repository behaviour, ie no use of
                                        _remote.repositories. Can also be
                                        activated by using
                                        -Dmaven.legacyLocalRepo=true

@kohsuke
Copy link
Member Author

kohsuke commented Mar 7, 2016

@aheritier see the link I provided above, which is the official snapshot repo for the Jenkins project. Sounds like the issue is that we are not configuring our POMs to refer to that snapshot repository, though it makes me wonder how others have been doing this.

@aheritier
Copy link
Member

@kohsuke https://repository-jenkins.forge.cloudbees.com/snapshot/org/jenkins-ci/main/remoting/ is where the build is looking for snapshots instead of http://repo.jenkins-ci.org/snapshots/org/jenkins-ci/main/remoting

I agree that the snapshot repo http://repo.jenkins-ci.org/snapshots/org/jenkins-ci/main/remoting should be defined in the POM or in the maven settings

For now it's not defined in any POM
https://github.com/jenkinsci/pom/blob/master/pom.xml#L77
https://github.com/jenkinsci/jenkins/blob/master/pom.xml#L111

Thus I imagine that people using SNAPSHOTs are defining the repo in the maven settings used on CI
There is a settings.xml config defined in the Config File Provider plugin called JenkinsSettings activating in a jenkins profile snapshots from http://repo.jenkins-ci.org/public/ but this one isn't used by the job. I don't know what are the rules and how is managed this instance. maybe @abayer @rtyler or @daniel-beck know ...

@kohsuke
Copy link
Member Author

kohsuke commented Mar 8, 2016

The test failure is a fluke

@kohsuke kohsuke closed this Mar 8, 2016
@kohsuke kohsuke reopened this Mar 8, 2016
@aheritier
Copy link
Member

@kohsuke Great !!
I think that we should use for all jobs on https://jenkins.ci.cloudbees.com the same set of (maven) settings and to activate SNAPSHOTs for everyone (but I have no clue where to request it - INFRA ? - and who can/should take care of this)

kohsuke added a commit that referenced this pull request Mar 9, 2016
@kohsuke kohsuke merged commit 6d3e054 into master Mar 9, 2016
@kohsuke kohsuke deleted the jnlp3 branch March 9, 2016 16:10
@akshayabd
Copy link
Contributor

Great to see this merged in - thanks @kohsuke! I always recommend caution, I still haven't done enough scale testing to see what sort of [CPU] performance requirements the Ciphers have. Is there a smaller Jenkins cluster you can test this on before activating it on the main https://jenkins.ci.cloudbees.com?

@stephenc
Copy link
Member

stephenc commented Mar 9, 2016

Also, as I have pointed out, this is a non-NIO implementation and requires one reader thread per slave... I am working on a v4 protocol that uses a new SSLEngine aware NIOHub and hope to have that soon.

The consideration of @kohsuke and I is that allowing some encryption of the channel at the cost of threads is more important than waiting while I battle with SSLEngine to deliver a v4 protocol

Sent from my iPad

On 9 Mar 2016, at 19:43, akshayabd notifications@github.com wrote:

Great to see this merged in - thanks @kohsuke! I always recommend caution, I still haven't done enough scale testing to see what sort of [CPU] performance requirements the Ciphers have. Is there a smaller Jenkins cluster you can test this on before activating it on the main https://jenkins.ci.cloudbees.com?


Reply to this email directly or view it on GitHub.

@akshayabd
Copy link
Contributor

@stephenc Yes good catch, I had not considered the NIOHub issue. Performance-wise it would probably make a significant difference.

olivergondza pushed a commit that referenced this pull request Mar 30, 2016
[FIXED JENKINS-26580][FIXED JENKINS-28289] Activate JNLP3 support
(cherry picked from commit 6d3e054)
olivergondza added a commit that referenced this pull request Mar 31, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

8 participants