New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ftp.belnet.be should be removed from mirrors or a fall-back offered #3784
Comments
Hi @kwisatz thanks for pointing this out. As a temporary measure, we've dsiabled ftp.belnet.be and we'll check with them:
Can you retry a download? A nice tip: for any package/plugin download on Jenkins, you can add a custom query string to check the list of mirrors which are able to serve a given file. For instance: https://get.jenkins.io/plugins/ant/497.v94e7d9fffa_b_9/ant.hpi?mirrorlist
Godd point. cc @smerle33 @lemeurherve @MarkEWaite for info: this is another example and good reason to update our fallback strategy: I'll take care of documenting and adding archives.jenkins.io and check it.
@kwisatz would your company or you be able to help us by providing (or pointing us) a download mirror in France (free or sponsored)? That would help to provide localized downloads by countries, closer to your infrastructure to leverage the risk of you and your team (as you depend on a freely maintained open source project only living by donation and sponsorships). |
I don't think that it would make a lot of sense for us to supply a mirror in France, even if we happen to run our CI infrastructure over there. There are massive players like OVH or Scaleway that should be in a much better position to do so. We're just a tiny development company really and I would say, if we'd set up a mirror, then it would make more sense, speaking of scale, not of personal benefits in this case, to do this within the Luxembourg region. |
Both cases are "sponsors". With the wording I used (which might not be perfect English), I meant:
No problem, I'm opening the discussion without any goal except reminding us that Jenkins is a project only living from sponsors 🤗 But if by any mean you know an university, a company or an organization whom could provide one of those 2 (or who could be a member of the CDF - https://cd.foundation/members/join/) it would help to achieve your goals (and ours ;) ). Btw @kwisatz , did the temporary measure unblocked you? |
@dduportal I had installed the updated The following packages will be upgraded:
jenkins
1 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Need to get 88.9 MB of archives.
After this operation, 20.5 kB of additional disk space will be used.
Do you want to continue? [Y/n]
Get:1 https://pkg.jenkins.io/debian binary/ jenkins 2.427 [88.9 MB]
Fetched 88.9 MB in 8s (11.5 MB/s)
Reading changelogs... Done
(Reading database ... 95899 files and directories currently installed.)
Preparing to unpack .../archives/jenkins_2.427_all.deb ...
Unpacking jenkins (2.427) over (2.426) ...
Setting up jenkins (2.427) ... So, yes, thank you! |
Hello @kwisatz , could you share with us your public outbound IP(s) please? If you want it to be private, please send to jenkins-infra-team@googlegroups.com (this is the Jenkins infra private list). We need this to identify your network to check with the Belnet maintainers. |
@dduportal I've sent an email. |
thanks! email received, we're going to check 2 things from now:
|
@kwisatz in parallel, could share with us the results of:
and
? |
root@fyrine:~# curl --verbose --output /dev/null https://ftp.belnet.be/mirror/jenkins/
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* Trying 193.190.198.27:443...
* Trying 2001:6a8:3c80::27:443...
* Immediate connect fail for 2001:6a8:3c80::27: Cannot assign requested address
0 0 0 0 0 0 0 0 --:--:-- 0:02:09 --:--:-- 0* connect to 193.190.198.27 port 443 failed: Connection timed out
* Failed to connect to ftp.belnet.be port 443: Connection timed out
0 0 0 0 0 0 0 0 --:--:-- 0:02:09 --:--:-- 0
* Closing connection 0
curl: (28) Failed to connect to ftp.belnet.be port 443: Connection timed out Trace route with the first hop obfuscated: root@fyrine:~# traceroute ftp.belnet.be
traceroute to ftp.belnet.be (193.190.198.27), 30 hops max, 60 byte packets
1 ***-***-**-1.rev.poneytelecom.eu (***.***.**.1) 0.358 ms 0.469 ms 0.605 ms
2 195.154.2.0 (195.154.2.0) 0.326 ms 0.416 ms 195.154.2.2 (195.154.2.2) 0.399 ms
3 51.158.8.70 (51.158.8.70) 0.425 ms 51.158.8.68 (51.158.8.68) 0.455 ms 51.158.8.74 (51.158.8.74) 0.738 ms
4 be4752.rcr21.b039311-0.par04.atlas.cogentco.com (149.6.165.65) 0.590 ms 0.629 ms be4751.rcr21.b022890-0.par04.atlas.cogentco.com (149.6.164.41) 0.661 ms
5 be3750.ccr31.par04.atlas.cogentco.com (154.54.60.201) 1.367 ms be2152.ccr32.par04.atlas.cogentco.com (154.54.61.37) 1.816 ms be3739.ccr31.par04.atlas.cogentco.com (154.54.60.185) 69.638 ms
6 be2103.ccr42.par01.atlas.cogentco.com (154.54.61.21) 3.482 ms be2102.ccr41.par01.atlas.cogentco.com (154.54.61.17) 1.480 ms be3183.ccr41.par01.atlas.cogentco.com (154.54.38.65) 4.534 ms
7 be3674.rcr21.bru01.atlas.cogentco.com (130.117.48.234) 6.730 ms 6.850 ms be3675.rcr21.bru01.atlas.cogentco.com (154.54.57.166) 6.715 ms
8 be2525.nr61.b015929-1.bru01.atlas.cogentco.com (154.25.12.246) 7.357 ms 7.403 ms 7.483 ms
9 149.11.150.2 (149.11.150.2) 6.796 ms 6.804 ms 6.769 ms
10 * * *
11 * * * |
Sent an email to the FTP belnet maintainers, let's wait for their answer. |
Hi @kwisatz , we receieved an answer from Belnet: your IP is in a range which was blocked due to DDOS from some IPs in it. They removed the firewall rule: can you confirm it is working for you with a |
Looking good!
|
Thanks for confirmation. We've enabled the mirror again in get.jenkins.io ( I'm closing the issue, feel free to reopen if you see a new problem! |
Service(s)
pkg.jenkins.io
Summary
Our CI server, which is hosted in France is made to download from that server and it or the IP range is uses seems to have been blocked by
ftp.belnet.be
(I can access the site just fine over my local ISP).See https://community.jenkins.io/t/how-to-hardconfig-the-mirror-to-use/10099 and https://community.jenkins.io/t/issue-while-upgrading-plugins-on-latest-jenkins/9846 for recent reports by other people, as well as a somewhat related https://groups.google.com/g/jenkins-infra/c/C7cW3MKwR0I?pli=1.
vs.
kwisatz@thufir:~$ curl -Is https://ftp.belnet.be/mirror/jenkins/debian/ HTTP/2 200 server: nginx date: Sun, 15 Oct 2023 14:54:48 GMT content-type: text/html
I can understand that someone wants to protect their infrastructure from attacks that might have come from a hoster's IP range, but IMHO what they do is too aggressive and it makes belnet.be no longer a valid mirror.
pkg.jenkins.io does not seem to offer any alternatives or fallback options. Meaning I am unable to upgrade jenkins normally (or automatically), which puts me (and everyone with the same issue) at risk.
Reproduction steps
The text was updated successfully, but these errors were encountered: