Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1970962

Summary: Exception inside the Jenkins Master pod
Product: OpenShift Container Platform Reporter: Jitendar Singh <jitsingh>
Component: JenkinsAssignee: Akram Ben Aissi <abenaiss>
Status: CLOSED ERRATA QA Contact: Jitendar Singh <jitsingh>
Severity: medium Docs Contact:
Priority: medium    
Version: 4.9CC: aos-bugs, pbhattac, sychen
Target Milestone: ---   
Target Release: 4.9.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2021-10-18 17:33:48 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Jitendar Singh 2021-06-11 14:45:37 UTC 
When trying to create a jenkins instance using jenkins template we see the below expection.
=========================================================================
 ✘ jsingh@fugaku  /usr/local/go/src/github.com/leetcode   main  oc logs -f jenkins-1-cj6pr
2021/06/11 14:34:48 [go-init] No pre-start command defined, skip
2021/06/11 14:34:48 [go-init] Main command launched : /usr/libexec/s2i/run
Using JENKINS_SERVICE_NAME=jenkins
Generating jenkins.model.JenkinsLocationConfiguration.xml using (/var/lib/jenkins/jenkins.model.JenkinsLocationConfiguration.xml.tpl) ...
Jenkins URL set to: https://jenkins-jenkins-test1.apps.dev-svc-4.8-061107.devcluster.openshift.com in file: /var/lib/jenkins/jenkins.model.JenkinsLocationConfiguration.xml
/usr/libexec/s2i/run: line 24: /jenkins.model.JenkinsLocationConfiguration.xml.tpl: No such file or directory
CONTAINER_MEMORY_IN_MB='1024', using /usr/lib/jvm/java-11-openjdk-11.0.11.0.9-2.el8_4.x86_64/bin/java and /usr/lib/jvm/java-11-openjdk-11.0.11.0.9-2.el8_4.x86_64/bin/javac
Picked up JAVA_TOOL_OPTIONS: -XX:+UnlockExperimentalVMOptions -Dsun.zip.disableMemoryMapping=true
Exception in thread "main" java.lang.NoClassDefFoundError: org/acegisecurity/providers/encoding/ShaPasswordEncoder
	at com.redhat.openshift.PasswordEncoder.main(PasswordEncoder.java:20)
Caused by: java.lang.ClassNotFoundException: org.acegisecurity.providers.encoding.ShaPasswordEncoder
	at java.base/jdk.internal.loader.BuiltinClassLoader.loadClass(BuiltinClassLoader.java:581)
	at java.base/jdk.internal.loader.ClassLoaders$AppClassLoader.loadClass(ClassLoaders.java:178)
	at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:522)
	... 1 more
========================================================================
TO TEST IT

oc set env dc jenkins OPENSHIFT_ENABLE_OAUTH=false
then, openshift sso login will be disabled, and we are supposed to be able to login withe the default password which is password
=================================================================
Comment 1 Akram Ben Aissi 2021-06-11 14:51:41 UTC 
As discussed on slack, this is related to the upgrade of Jenkins 2.277 which remove acegi-security in favor of spring-security.
This breaks the default password setting for our image which is used when:
```
oc set env dc jenkins OPENSHIFT_ENABLE_OAUTH=false
```
If, openshift oauth is disabled for jenkins, we are using default jenkins authentication by setting password to password or by the value pointed by env: JENKINS_PASSWORD.

The fix consists in using bcrypt instead of sha256 digest which is now considered insecure for storing password. Startup scripts have to be modified as a consequence.

This is what the PR does.
Comment 3 Jitendar Singh 2021-07-28 10:11:29 UTC 
verified
=========
no more exception
Comment 8 errata-xmlrpc 2021-10-18 17:33:48 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Container Platform 4.9.0 bug fix and security update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2021:3759