Bug 1970962 - Exception inside the Jenkins Master pod
Summary: Exception inside the Jenkins Master pod
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Jenkins
Version: 4.9
Hardware: Unspecified
OS: Unspecified
medium
medium
Target Milestone: ---
: 4.9.0
Assignee: Akram Ben Aissi
QA Contact: Jitendar Singh
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2021-06-11 14:45 UTC by Jitendar Singh
Modified: 2021-10-18 17:34 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2021-10-18 17:33:48 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github openshift jenkins pull 1276 0 None open Bug 1970962: Remove dependency to acegi-security in favor of jbcrypt (because aceg… 2021-06-11 14:52:28 UTC
Red Hat Product Errata RHSA-2021:3759 0 None None None 2021-10-18 17:34:08 UTC

Description Jitendar Singh 2021-06-11 14:45:37 UTC 
When trying to create a jenkins instance using jenkins template we see the below expection.
=========================================================================
 ✘ jsingh@fugaku  /usr/local/go/src/github.com/leetcode   main  oc logs -f jenkins-1-cj6pr
2021/06/11 14:34:48 [go-init] No pre-start command defined, skip
2021/06/11 14:34:48 [go-init] Main command launched : /usr/libexec/s2i/run
Using JENKINS_SERVICE_NAME=jenkins
Generating jenkins.model.JenkinsLocationConfiguration.xml using (/var/lib/jenkins/jenkins.model.JenkinsLocationConfiguration.xml.tpl) ...
Jenkins URL set to: https://jenkins-jenkins-test1.apps.dev-svc-4.8-061107.devcluster.openshift.com in file: /var/lib/jenkins/jenkins.model.JenkinsLocationConfiguration.xml
/usr/libexec/s2i/run: line 24: /jenkins.model.JenkinsLocationConfiguration.xml.tpl: No such file or directory
CONTAINER_MEMORY_IN_MB='1024', using /usr/lib/jvm/java-11-openjdk-11.0.11.0.9-2.el8_4.x86_64/bin/java and /usr/lib/jvm/java-11-openjdk-11.0.11.0.9-2.el8_4.x86_64/bin/javac
Picked up JAVA_TOOL_OPTIONS: -XX:+UnlockExperimentalVMOptions -Dsun.zip.disableMemoryMapping=true
Exception in thread "main" java.lang.NoClassDefFoundError: org/acegisecurity/providers/encoding/ShaPasswordEncoder
	at com.redhat.openshift.PasswordEncoder.main(PasswordEncoder.java:20)
Caused by: java.lang.ClassNotFoundException: org.acegisecurity.providers.encoding.ShaPasswordEncoder
	at java.base/jdk.internal.loader.BuiltinClassLoader.loadClass(BuiltinClassLoader.java:581)
	at java.base/jdk.internal.loader.ClassLoaders$AppClassLoader.loadClass(ClassLoaders.java:178)
	at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:522)
	... 1 more
========================================================================
TO TEST IT

oc set env dc jenkins OPENSHIFT_ENABLE_OAUTH=false
then, openshift sso login will be disabled, and we are supposed to be able to login withe the default password which is password
=================================================================
Comment 1 Akram Ben Aissi 2021-06-11 14:51:41 UTC 
As discussed on slack, this is related to the upgrade of Jenkins 2.277 which remove acegi-security in favor of spring-security.
This breaks the default password setting for our image which is used when:
```
oc set env dc jenkins OPENSHIFT_ENABLE_OAUTH=false
```
If, openshift oauth is disabled for jenkins, we are using default jenkins authentication by setting password to password or by the value pointed by env: JENKINS_PASSWORD.

The fix consists in using bcrypt instead of sha256 digest which is now considered insecure for storing password. Startup scripts have to be modified as a consequence.

This is what the PR does.
Comment 3 Jitendar Singh 2021-07-28 10:11:29 UTC 
verified
=========
no more exception
Comment 8 errata-xmlrpc 2021-10-18 17:33:48 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Container Platform 4.9.0 bug fix and security update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2021:3759
Note You need to log in before you can comment on or make changes to this bug.