jx CLI failed to generate Jenkins API token over REST API due to: logging in: cookies did not work; bad login or not using legacy security realm: 403 Forbidden
Summary
The jx CLI fails to generate the Jenkins API token while creating an EKS cluster on AWS.
Steps to reproduce the behavior
mkdir -p ~/.jx/bin
curl -L https://github.com/jenkins-x/jx/releases/download/v2.0.558/jx-linux-amd64.tar.gz | tar xzv
mv jx ~/.jx/bin
jx --version
export AWS_DEFAULT_REGION=us-west-2
echo "nexus:
enabled: false
" | tee myvalues.yaml
jx create cluster eks \
--cluster-name jx-rocks \
--region $AWS_DEFAULT_REGION \
--node-type t2.large \
--nodes 3 \
--nodes-min 3 \
--nodes-max 6 \
--default-admin-password=admin \
--default-environment-prefix jx-rocks \
--git-provider-kind github \
--static-jenkins true
Expected behavior
The appropriate Jenkins resources/jobs should have been created.
Actual behavior
The warning message "retrying after error:Failed to create the tmp-cd folder in Jenkins: 500 Server Error" is printed several times, but the output includes the message "Jenkins X installation completed successfully" even though the Jenkins resources/jobs were not created.
Jx version
The output of jx version is:
NAME VERSION
jx 2.0.558
jenkins x platform 2.0.911
Kubernetes cluster v1.13.8-eks-a977ba
kubectl v1.13.2
helm client Client: v2.14.3+g0e7f3b6
git git version 2.17.1
Operating System Ubuntu 18.04.2 LTS
Jenkins type
- [ ] Serverless Jenkins X Pipelines (Tekton + Prow)
- [X] Classic Jenkins
Kubernetes cluster
EKS cluster created with the command listed above. See attached log file (hostname, username, e-mail address, etc were replaced by dummy values).
Operating system / Environment
Ubuntu 18.04 LTS
patguimaraes
All 9 comments
I'm having the same issue and I also confirmed from at least two other users that are experiencing the same.
vfarcic
on 19 Aug 2019
Escalating per CloudBees product management
deanesmith
on 30 Aug 2019
@vfarcic do you know if this is only when installing on EKS?
rawlingsj
on 30 Aug 2019
Yes. I experienced that only in EKS and only with static jx. Quite a few other people experienced and told me the same.
vfarcic
on 30 Aug 2019
this looks similar too BTW https://github.com/jenkins-x/jx/issues/3939
I wonder if it could be related to special chars in the generate password? If someone gets the chance to try it might be worth setting the --default-admin-passoword to something basic (i.e. no special chars) and see if the issue still happens? Just a guess really.
rawlingsj
on 30 Aug 2019
It's not that. Take a look at the jx create cluster command posted above. It has the --default-admin-password=admin argument.
vfarcic
on 30 Aug 2019
Any idea when this issue will be resolved? I really need to install jx on an EKS cluster.
pguimaraes
on 4 Sep 2019
While working on enabling AWS for CJXD I also tried to replicate this issue and found the cause of it.
It's this line: --static-jenkins true the flag is --static-jenkins if you add a space instead of =, the true in that line is considered a argument to the command. We then send that argument down the line and it ends up being the first argument of jx create jenkins token.
This means that we are trying to connect to the Jenkins server with username true and password admin, that's why it's not being able to log in at all.
The workaround would be to just call the flag --static-jenkins or --static-jenkins=true|false without the space.
I'm working on a better fix which would delete any unwanted arguments to be passed down the commands chain.
dgozalo
on 10 Sep 2019
@dgozalo Thank you for the workaround. I can confirm that I can successfully install Jenkins X on an EKS cluster on AWS using the provided workaround.
pguimaraes
on 11 Sep 2019
Related issues
empath
路
3Comments
ipv1337
路
3Comments
jstrachan
路
3Comments
shahnewazrifat
路
3Comments
jstrachan
路
4Comments
Most helpful comment
Yes. I experienced that only in EKS and only with static
jx. Quite a few other people experienced and told me the same.