- Bug
- Resolution: Fixed
- Low
- 6.9.1
- 10
- Severity 2 - Major
- 1
Issue Summary
It is not possible to secure the remote agents' connection to the Bamboo Server (using SSL) through the automatic keystore management feature.
Steps to Reproduce
- Configure Bamboo to use SSL in Broker URL and Broker Client URL (Securing your remote agents)
- Restart Bamboo
- Install remote agent
Expected Results
The remote agent is installed and connects to the Bamboo server without problems.
Actual Results
The remote agent fails to connect to the SSL Broker URL.
The following exceptions are logged in the Bamboo server's atlassian-bamboo.log file:
2019-07-11 20:55:13,474 INFO [http-nio-8085-exec-11] [RemoteAgentManagerImpl] A remote agent is loading on localhost (127.0.0.1).
2019-07-11 20:55:16,925 WARN [ActiveMQ Transport: ssl:///127.0.0.1:54322] [Transport] Transport Connection to: tcp://127.0.0.1:54322 failed: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
2019-07-11 20:55:16,929 ERROR [ActiveMQ BrokerService[bamboo] Task-4] [TransportConnector] Could not accept connection from tcp://127.0.0.1:54322 : javax.net.ssl.SSLException: Connection has been shutdown: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
2019-07-11 20:56:09,613 ERROR [ActiveMQ BrokerService[bamboo] Task-5] [TransportConnector] Could not accept connection from tcp://127.0.0.1:54332 : javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown
Notes
The same settings work fine in Bamboo 5.14.4.1.
Workaround
Option 1
- Edit $BAMBOO_HOME/bamboo.cfg.xml
- Add socket.verifyHostName=false to bamboo.jms.broker.client.uri. This turns off TLS hostname verification on the agents' connection to the broker. Example below:
<property name="bamboo.jms.broker.client.uri">failover:(ssl://bamboo:54663?wireFormat.maxInactivityDuration=300000&amp;socket.verifyHostName=false)?initialReconnectDelay=15000&amp;maxReconnectAttempts=10</property>
- Restart Bamboo
- Restart agents
Option 2
- Add the following setting into <remote-agent-home>/conf/wrapper.conf
wrapper.java.additional.3=-Djavax.net.ssl.trustStore=<remote-agent-home>/xml-data/configuration/jmsclient.ts
- Restart remote agent
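An added example (not part of the original ticket and not Atlassian's code): a Python check that reads the contents of bamboo.cfg.xml and reports broker URIs that still carry Option 1's socket.verifyHostName=false, or that do not use an SSL transport at all. The sample file content, the property name bamboo.jms.broker.uri and the function names are assumptions made for illustration.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit, parse_qs

# Constructed sample modelled on the Option 1 workaround; not taken from a real server.
# The property name bamboo.jms.broker.uri is an assumption (it is not shown on this page).
SAMPLE_CFG = """<application-configuration>
  <properties>
    <property name="bamboo.jms.broker.uri">ssl://0.0.0.0:54663?wireFormat.maxInactivityDuration=300000</property>
    <property name="bamboo.jms.broker.client.uri">failover:(ssl://bamboo:54663?wireFormat.maxInactivityDuration=300000&amp;socket.verifyHostName=false)?initialReconnectDelay=15000&amp;maxReconnectAttempts=10</property>
  </properties>
</application-configuration>"""

TLS_SCHEMES = {"ssl", "nio+ssl"}  # ActiveMQ transports that run over TLS


def transport_uris(value):
    """Split failover:(uri1,uri2)?opts into its inner URIs; pass a plain URI through."""
    m = re.match(r"\s*failover:(?://)?\(([^)]*)\)", value)
    inner = m.group(1) if m else value
    return [u.strip() for u in inner.split(",") if u.strip()]


def audit(cfg_xml):
    """Return (property, host:port, finding) tuples for weak broker URI settings."""
    findings = []
    for prop in ET.fromstring(cfg_xml).iter("property"):
        name = prop.get("name", "")
        if not name.startswith("bamboo.jms.broker"):
            continue
        for uri in transport_uris(prop.text or ""):
            parts = urlsplit(uri)
            opts = parse_qs(parts.query)
            if parts.scheme not in TLS_SCHEMES:
                findings.append((name, parts.netloc, "transport is not TLS"))
            # Only an explicit false is flagged; an absent option keeps the library default.
            if opts.get("socket.verifyHostName", [""])[-1].lower() == "false":
                findings.append((name, parts.netloc, "hostname verification disabled"))
    return findings


if __name__ == "__main__":
    for name, endpoint, finding in audit(SAMPLE_CFG):
        print(f"{name}: {endpoint}: {finding}")
```

To audit a real installation, pass the text of $BAMBOO_HOME/bamboo.cfg.xml to audit() instead of SAMPLE_CFG.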
- is a regression of BAM-17519 Unable to secure remote agents via automatic keystore management (Closed)
- is cloned as BDEV-15665