Specs in-Docker processing will use the Java proxy settings to connect to the Docker local unix:// socket and fail

XMLWordPrintable

    • Severity 3 - Minor

      Issue Summary

      This is reproducible on Data Center:

      When Bamboo Specs processing is enabled in Docker, the RepositoryStoredSpecsExecutionService will use the defined HTTP proxy settings from the Java runtime to connect to the Docker unix socket and fail

      Steps to Reproduce

      1. Configure Bamboo to use an outbound proxy 
      2. When configuring the proxy settings, don't specify an exception to localhost via -Dhttp.nonProxyHosts='localhost|127.0.0.1'. Some proxy implementations will run on the same host as Bamboo and will bypass any connections to localhost
      3. Enable "Process Bamboo Specs in Docker" in "Bamboo Security Settings"
      4. Specs-scan a Linked Repository

      Expected Results

      • Bamboo should be able to communicate with the Docker service socket and work normally without evaluating/using any Proxy settings as the connection to the socket is local via DOCKER_HOST=unix:///var/run/docker.sock

      Actual Results

      • Bamboo uses the defined HTTP Proxy settings to connect to a local UNIX socket and fails: 
        2023-08-12 09:42:40,709 ERROR [17-repository-stored-specs:pool-18-thread-1] [RepositoryStoredSpecsExecutionServiceImpl] Bamboo is configured to process Bamboo Specs in Docker, but it failed to connect to the Docker daemon. Make sure that Docker is running or disable processing Bamboo Specs in Docker in Bamboo Security Settings.
com.spotify.docker.client.exceptions.DockerRequestException: Request error: GET unix://localhost:80/_ping: 500, body: <?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">

<head>
<title>500 Unable to connect</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
</head>

<body>

<h1>Unable to connect</h1>

<p>Tinyproxy was unable to connect to the remote web server.</p>

<hr />

<p><em>Generated by <a href="https://tinyproxy.github.io/">tinyproxy</a> version 1.11.0.</em></p>

</body>

</html>

	at com.spotify.docker.client.DefaultDockerClient.propagate(DefaultDockerClient.java:2840) ~[docker-client-8.16.1-atlassian-7-shaded.jar:?]
	at com.spotify.docker.client.DefaultDockerClient.request(DefaultDockerClient.java:2712) ~[docker-client-8.16.1-atlassian-7-shaded.jar:?]
	at com.spotify.docker.client.DefaultDockerClient.ping(DefaultDockerClient.java:594) ~[docker-client-8.16.1-atlassian-7-shaded.jar:?]
	at com.atlassian.bamboo.configuration.external.rss.RepositoryStoredSpecsExecutionServiceImpl.lambda$runSpecsWithDocker$1(RepositoryStoredSpecsExecutionServiceImpl.java:215) ~[atlassian-bamboo-import-export-9.4.0-m140.jar:?]
	at java.util.concurrent.FutureTask.run(FutureTask.java:264) ~[?:?]
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128) ~[?:?]
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628) ~[?:?]
	at com.atlassian.bamboo.utils.BambooRunnables$1.run(BambooRunnables.java:48) ~[atlassian-bamboo-api-9.4.0-m140.jar:?]
	at com.atlassian.bamboo.security.ImpersonationHelper.runWith(ImpersonationHelper.java:26) ~[atlassian-bamboo-api-9.4.0-m140.jar:?]
	at com.atlassian.bamboo.security.ImpersonationHelper.runWithSystemAuthority(ImpersonationHelper.java:17) ~[atlassian-bamboo-api-9.4.0-m140.jar:?]
	at com.atlassian.bamboo.security.ImpersonationHelper.lambda$makeRunnableWithSystemAuthority$0(ImpersonationHelper.java:38) ~[atlassian-bamboo-api-9.4.0-m140.jar:?]
	at java.lang.Thread.run(Thread.java:829) ~[?:?]
Caused by: com.spotify.docker.client.shaded.javax.ws.rs.InternalServerErrorException: HTTP 500 Unable to connect
	at com.spotify.docker.client.shaded.org.glassfish.jersey.client.JerseyInvocation.convertToException(JerseyInvocation.java:1020) ~[docker-client-8.16.1-atlassian-7-shaded.jar:?]
	at com.spotify.docker.client.shaded.org.glassfish.jersey.client.JerseyInvocation.translate(JerseyInvocation.java:816) ~[docker-client-8.16.1-atlassian-7-shaded.jar:?]
	at com.spotify.docker.client.shaded.org.glassfish.jersey.client.JerseyInvocation.access$700(JerseyInvocation.java:92) ~[docker-client-8.16.1-atlassian-7-shaded.jar:?]
	at com.spotify.docker.client.shaded.org.glassfish.jersey.client.JerseyInvocation$5.completed(JerseyInvocation.java:773) ~[docker-client-8.16.1-atlassian-7-shaded.jar:?]
	at com.spotify.docker.client.shaded.org.glassfish.jersey.client.ClientRuntime.processResponse(ClientRuntime.java:198) ~[docker-client-8.16.1-atlassian-7-shaded.jar:?]
	at com.spotify.docker.client.shaded.org.glassfish.jersey.client.ClientRuntime.access$300(ClientRuntime.java:79) ~[docker-client-8.16.1-atlassian-7-shaded.jar:?]
	at com.spotify.docker.client.shaded.org.glassfish.jersey.client.ClientRuntime$2.run(ClientRuntime.java:180) ~[docker-client-8.16.1-atlassian-7-shaded.jar:?]
	at com.spotify.docker.client.shaded.org.glassfish.jersey.internal.Errors$1.call(Errors.java:271) ~[docker-client-8.16.1-atlassian-7-shaded.jar:?]
	at com.spotify.docker.client.shaded.org.glassfish.jersey.internal.Errors$1.call(Errors.java:267) ~[docker-client-8.16.1-atlassian-7-shaded.jar:?]
	at com.spotify.docker.client.shaded.org.glassfish.jersey.internal.Errors.process(Errors.java:315) ~[docker-client-8.16.1-atlassian-7-shaded.jar:?]
	at com.spotify.docker.client.shaded.org.glassfish.jersey.internal.Errors.process(Errors.java:297) ~[docker-client-8.16.1-atlassian-7-shaded.jar:?]
	at com.spotify.docker.client.shaded.org.glassfish.jersey.internal.Errors.process(Errors.java:267) ~[docker-client-8.16.1-atlassian-7-shaded.jar:?]
	at com.spotify.docker.client.shaded.org.glassfish.jersey.process.internal.RequestScope.runInScope(RequestScope.java:340) ~[docker-client-8.16.1-atlassian-7-shaded.jar:?]
	at com.spotify.docker.client.shaded.org.glassfish.jersey.client.ClientRuntime$3.run(ClientRuntime.java:210) ~[docker-client-8.16.1-atlassian-7-shaded.jar:?]
	at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515) ~[?:?]
	at java.util.concurrent.FutureTask.run(FutureTask.java:264) ~[?:?]
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128) ~[?:?]
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628) ~[?:?]
	... 1 more

      Workaround

      • Add -Dhttp.nonProxyHosts='localhost|127.0.0.1' to Bamboo's system properties to instruct the com.spotify.docker library to bypass any proxies when connecting to localhost

            Assignee:
            Eduardo Alvarenga (Inactive)
            Reporter:
            Eduardo Alvarenga (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: