Uploaded image for project: 'Bamboo'
  1. Bamboo
  2. BAM-20521

Unable to secure remote agents via automatic keystore management

    XMLWordPrintable

Details

    Description

      Issue Summary

      It is not possible to secure the remote agents to connect to the Bamboo Server (using SSL) through the automatic keystore management feature.

      Steps to Reproduce

      1. Configure Bamboo to use SSL in Broker URL and Broker Client URL (Securing your remote agents)
      2. Restart Bamboo
      3. Install remote agent

      Expected Results

      Remote agent installed and able to connect to Bamboo server successfully without problem

      Actual Results

      Remote agent fail to connect to the SSL Broker URL
      The below exception is thrown in Bamboo server atlassian-bamboo.log file:

      2019-07-11 20:55:13,474 INFO [http-nio-8085-exec-11] [RemoteAgentManagerImpl] A remote agent is loading on localhost (127.0.0.1).
      2019-07-11 20:55:16,925 WARN [ActiveMQ Transport: ssl:///127.0.0.1:54322] [Transport] Transport Connection to: tcp://127.0.0.1:54322 failed: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
      2019-07-11 20:55:16,929 ERROR [ActiveMQ BrokerService[bamboo] Task-4] [TransportConnector] Could not accept connection from tcp://127.0.0.1:54322 : javax.net.ssl.SSLException: Connection has been shutdown: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
      2019-07-11 20:56:09,613 ERROR [ActiveMQ BrokerService[bamboo] Task-5] [TransportConnector] Could not accept connection from tcp://127.0.0.1:54332 : javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown
      
      

      Notes

      The same settings works fine in Bamboo 5.14.4.1

      Workaround

      Option 1
      1. Edit $BAMBOO_HOME/bamboo.cfg.xml
      2. Add socket.verifyHostName=false to bamboo.jms.broker.client.uri. Example below:
            <property name="bamboo.jms.broker.client.uri">failover:(ssl://bamboo:54663?wireFormat.maxInactivityDuration=300000&amp;socket.verifyHostName=false)?initialReconnectDelay=15000&amp;maxReconnectAttempts=10</property>
        
      3. Restart Bamboo
      4. Restart agents
      Option 2
      1. Add the following setting into <remote-agent-home>/conf/wrapper.conf
        wrapper.java.additional.3=-Djavax.net.ssl.trustStore=<remote-agent-home>/xml-data/configuration/jmsclient.ts
        
        
      2. Restart remote agent

      Attachments

        Issue Links

          Activity

            People

              Unassigned Unassigned
              klfoong Foong (Inactive)
              Votes:
              16 Vote for this issue
              Watchers:
              11 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: