Uploaded image for project: 'Bamboo Data Center'
  1. Bamboo Data Center
  2. BAM-25903

Unable to download Bamboo agent installer in Bamboo

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: Highest Highest
    • 10.0.2
    • 10.0.0, 10.0.1
    • Agents
    • None

      Issue Summary

      With the introduction of Secure Administrator Sessions (WebSudo) in Bamboo 10.0, it is now mandatory for a user session to be authenticated before any Remote Agent installers files are downloaded, this is to allow better control and traceability and prevent invalid or excessive anonymous requests to the Bamboo application.
      By design, downloading the Agent installer requires no special privileges from the authentication account, except for being authenticated.

      There's an issue while downloading the Agent installer when a user is authenticated, where the requested file is never fetched due to to "Too many HTTP redirects".
      Only when Global Anonymous Access is allowed the installer jar file download works

      This is reproducible on Data Center:

      Steps to Reproduce

      • Spin up a Bamboo Data Center version 10.0 or later
      • Make sure the Global Anonymous Access is unchecked under Bamboo Administration >> (Security) Global Permissions >> Anonymous users
      • Go to Bamboo Administration >> Agents
      • Authenticate to any WebSudo requests if required
      • Click on Install remote agents >> Download agent installer

      This is also reproducible when WebSudo is disabled.

      Expected Results

      The Agent installer is downloaded successfully

      Actual Results

      The user is thrown out of Bamboo and a page with an error- ERR_TOO_MANY_REDIRECTS

      Debug classes to be enabled:-

      • com.atlassian.bamboo.plugin.servlet ALL
      • com.atlassian.bamboo.filter ALL
      • com.atlassian.seraph.filter ALL
      • com.atlassian.bamboo.servlet ALL

      Below logs are seen in the atlassian-bamboo.log after enabling debugging:

      2024-09-24 16:11:54,310 DEBUG [http-nio-8085-exec-12] [EnhancedServletModuleManagerWrapper] Enhance plugin filters with access check
2024-09-24 16:11:54,311 DEBUG [http-nio-8085-exec-12 url: /bamboo/userlogin.action] [BambooCompressingFilter] GZIP compression required = true
2024-09-24 16:11:54,311 DEBUG [http-nio-8085-exec-12 url: /bamboo/userlogin.action] [EnhancedServletModuleManagerWrapper] Enhance plugin filters with access check
2024-09-24 16:11:54,312 DEBUG [http-nio-8085-exec-12 url: /bamboo/userlogin.action] [BaseLoginFilter] doFilter : ____ Attempting login for : '/userlogin.action?os_destination=%2FagentServer%2FagentInstaller%2Fatlassian-bamboo-agent-installer-10.0.1.jar'
2024-09-24 16:11:54,312 DEBUG [http-nio-8085-exec-12 url: /bamboo/userlogin.action] [PasswordBasedLoginFilter] login : No user name or password was returned. No authentication attempt will be made.  User may still be found via a SecurityFilter later.
2024-09-24 16:11:54,312 DEBUG [http-nio-8085-exec-12 url: /bamboo/userlogin.action] [BaseLoginFilter] doFilter : Login completed for 'null' - os_authstatus = 'null'
2024-09-24 16:11:54,317 DEBUG [http-nio-8085-exec-12 url: /bamboo/userlogin.action] [BaseLoginFilter] redirectToOriginalDestination : Login redirect to: /bamboo/agentServer/agentInstaller/atlassian-bamboo-agent-installer-10.0.1.jar
2024-09-24 16:11:54,439 DEBUG [http-nio-8085-exec-25] [EnhancedServletModuleManagerWrapper] Enhance plugin filters with access check
2024-09-24 16:11:54,440 DEBUG [http-nio-8085-exec-25 url: /bamboo/agentServer/agentInstaller/atlassian-bamboo-agent-installer-10.0.1.jar] [EnhancedServletModuleManagerWrapper] Enhance plugin filters with access check
2024-09-24 16:11:54,441 DEBUG [http-nio-8085-exec-25 url: /bamboo/agentServer/agentInstaller/atlassian-bamboo-agent-installer-10.0.1.jar] [BaseLoginFilter] doFilter : ____ Attempting login for : '/agentServer/agentInstaller/atlassian-bamboo-agent-installer-10.0.1.jar'
2024-09-24 16:11:54,441 DEBUG [http-nio-8085-exec-25 url: /bamboo/agentServer/agentInstaller/atlassian-bamboo-agent-installer-10.0.1.jar] [AccessTokenLoginFilter] Could not find personal access token in request header
2024-09-24 16:11:54,441 DEBUG [http-nio-8085-exec-25 url: /bamboo/agentServer/agentInstaller/atlassian-bamboo-agent-installer-10.0.1.jar] [BaseLoginFilter] doFilter : Login completed for 'null' - os_authstatus = 'failed'
2024-09-24 16:11:54,441 DEBUG [http-nio-8085-exec-25 url: /bamboo/agentServer/agentInstaller/atlassian-bamboo-agent-installer-10.0.1.jar] [BaseLoginFilter] doFilter : ____ Attempting login for : '/agentServer/agentInstaller/atlassian-bamboo-agent-installer-10.0.1.jar'
2024-09-24 16:11:54,444 DEBUG [http-nio-8085-exec-25 url: /bamboo/agentServer/agentInstaller/atlassian-bamboo-agent-installer-10.0.1.jar] [PasswordBasedLoginFilter] login : No user name or password was returned. No authentication attempt will be made.  User may still be found via a SecurityFilter later.
2024-09-24 16:11:54,444 DEBUG [http-nio-8085-exec-25 url: /bamboo/agentServer/agentInstaller/atlassian-bamboo-agent-installer-10.0.1.jar] [BaseLoginFilter] doFilter : Login completed for 'null' - os_authstatus = 'null'
2024-09-24 16:11:54,444 DEBUG [http-nio-8085-exec-25 url: /bamboo/agentServer/agentInstaller/atlassian-bamboo-agent-installer-10.0.1.jar] [SecurityFilter] doFilter : Storing the originally requested URL (atlassian.core.seraph.original.url=/agentServer/agentInstaller/atlassian-bamboo-agent-installer-10.0.1.jar)
2024-09-24 16:11:54,444 DEBUG [http-nio-8085-exec-25 url: /bamboo/agentServer/agentInstaller/atlassian-bamboo-agent-installer-10.0.1.jar] [SecurityFilter] doFilter : requiredRoles = []
2024-09-24 16:11:54,449 DEBUG [http-nio-8085-exec-25 url: /bamboo/agentServer/agentInstaller/atlassian-bamboo-agent-installer-10.0.1.jar] [SecurityFilter] doFilter : Setting Auth Context to be 'admin'
2024-09-24 16:11:54,449 DEBUG [http-nio-8085-exec-25 url: /bamboo/agentServer/agentInstaller/atlassian-bamboo-agent-installer-10.0.1.jar] [SecureAccessFilter] Apply access check for sub sequence filters
2024-09-24 16:11:54,449 DEBUG [http-nio-8085-exec-25 url: /bamboo/agentServer/agentInstaller/atlassian-bamboo-agent-installer-10.0.1.jar] [SecureAccessFilterChain] Doing access check for Filter class com.atlassian.bamboo.filter.AccessLogFilter
2024-09-24 16:11:54,450 DEBUG [http-nio-8085-exec-25 url: /bamboo/agentServer/agentInstaller/atlassian-bamboo-agent-installer-10.0.1.jar] [SecureAccessFilterChain] Doing access check for Filter class com.atlassian.bamboo.filter.BambooProfilingFilter
2024-09-24 16:11:54,450 DEBUG [http-nio-8085-exec-25 url: /bamboo/agentServer/agentInstaller/atlassian-bamboo-agent-installer-10.0.1.jar] [EnhancedServletModuleManagerWrapper] Enhance plugin filters with access check
2024-09-24 16:11:54,451 DEBUG [http-nio-8085-exec-25 url: /bamboo/agentServer/agentInstaller/atlassian-bamboo-agent-installer-10.0.1.jar] [SecureAccessFilterChain] Doing access check for Filter class com.atlassian.bamboo.filter.BambooSecureServletAccessFilter
2024-09-24 16:11:54,452 TRACE [http-nio-8085-exec-25 url: /bamboo/agentServer/agentInstaller/atlassian-bamboo-agent-installer-10.0.1.jar] [BambooSecureServletAccessFilter] Servlet agentInstallerServlet requires ANONYMOUS_SITE_ACCESS access
2024-09-24 16:11:54,452 DEBUG [http-nio-8085-exec-25 url: /bamboo/agentServer/agentInstaller/atlassian-bamboo-agent-installer-10.0.1.jar] [BambooSecureServletAccessFilter] [not authenticated] has no authority to access servlet agentInstallerServlet - request denied
2024-09-24 16:11:54,453 DEBUG [http-nio-8085-exec-25 url: /bamboo/agentServer/agentInstaller/atlassian-bamboo-agent-installer-10.0.1.jar] [BambooSecureServletAccessFilter] Unauthenticated access attempt for /agentServer/agentInstaller/atlassian-bamboo-agent-installer-10.0.1.jar. Redirecting to login page

      Workaround

      Option #1

      Enable Anonymous Access under Global Permissions. This will allow the installer jar file to be downloaded without authentication.

      • Bamboo Administration >> (Security) Global Permissions >> Anonymous users

      Note: Allowing Anonymous Users to access your Bamboo system means that people who aren't logged in to Bamboo will be able to perform functions such as generating reports, and viewing plans and build results. If that's not the intended behaviour, please make sure to download the Agent installer once and to disable Anonymous access; then distribute the downloaded jar file directly to your Agents hosts using alternative file copy methods.

      Option #2

      You can download the Agent Installer jar file directly from the Atlassian public repositories. This is lightweight version of the Agent installer, which means the Installer will need to fetch most of the jar packages components from the Bamboo server once invoked and may take a bit longer to bootstrap for the first time:

        1. bamboowebsudo.gif
          3.41 MB
          Anik Sengupta

              73868399605e Eduardo Alvarenga (Inactive)
              f84a05b06223 Anik Sengupta
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Created:
                Updated:
                Resolved: