-
-
Notifications
You must be signed in to change notification settings - Fork 8.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[JENKINS-67075] Strip a possible daemon-injected prefix when restarting the server. #5899
[JENKINS-67075] Strip a possible daemon-injected prefix when restarting the server. #5899
Conversation
…ng the server. At least the Debian packages rely on the `daemon` command to start the server with appropriate parameters, leveraging the /etc/init.d/jenkins shell script and the variables set in the /etc/default/jenkins config file. The init script calls `/usr/bin/daemon --name=$NAME […]`, with NAME defaulting to `jenkins`. Starting with daemon 0.7.0-1 (as found in Debian 11 “Bullseye” and in Ubuntu since Hirsute Hippo), using the `--name` option results in the specified value's being prepended to the program being started. This can be checked with: root@jenkins:~# pgrep -f jenkins: -a 73109 jenkins: /usr/bin/java -Djava.awt.headless=true -jar /usr/share/jenkins/jenkins.war --webroot=/var/cache/jenkins/war --httpPort=8080 root@jenkins:~# tr '\0' '\n' < /proc/73109/cmdline jenkins: /usr/bin/java -Djava.awt.headless=true -jar /usr/share/jenkins/jenkins.war --webroot=/var/cache/jenkins/war --httpPort=8080 Therefore, detect and remove such a prefix from the first argument (the executable). Since the daemon's name is configurable, don't hardcode "jenkins: ", but strip everything until the first slash if it's preceeded by a colon and a space. Signed-off-by: Cyril Brulebois <cyril@debamax.com>
String exe = args.get(0); | ||
exe = exe.replaceFirst("^(.*): /", "/"); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should this regular expression discard the first string that does not contain a ':' character, ending with a ':'? Shouldn't it require at least one character in the prefix string before the ':' character?
exe = exe.replaceFirst("^(.*): /", "/"); | |
exe = exe.replaceFirst("^([^:]+): /", "/"); |
I still need to test this on a Debian 11 system before I'm ready to approve the pull request or my tentatively proposed change to the pull request.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You're absolutely right; I was so focused on figuring out how replacements work in the Java world that I have lost track of the actual pattern, and forgot to try and improve it. Given https://sources.debian.org/src/adduser/3.118/adduser/#L866 (and probably other constraints on different platforms), it looks like an “interesting” topic.
Anyway, it looks like:
*
→+
makes sense;- excluding
:
from the character class looks good to me; - maybe excluding
/
as well for good measure?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The change makes sense, but UnixLifecycle
seems like the wrong layer to introduce this logic. I think it would be better to place this logic in JavaVMArguments
, where the fix would extend to any functionality consuming the Jenkins controller JVM arguments (e.g., HsErrPidList
) rather than just the UnixLifecycle
class.
Oh, right. I took Also, for completeness: chatting a little with @evgeni on Twitter, we mentioned one could try and get to the actual executable (e.g. |
ssh me@someserver nohup java -jar jenkins.war or something ridiculous like that, where ( |
Why must you set it for |
I do not work on that chart and cannot vouch for its correctness. CloudBees CI sets |
But why must you set it? As it seems to work fine in my experience with the default (at least on Linux x64) |
Because the default is to use |
thanks created jenkinsci/helm-charts#529 |
I agree with this. If Jenkins is being run in a container, we should always be using When JENKINS-41218 is fixed, I think we should also use |
Is this needed after jenkinsci/packaging#261 ? |
Yes, jenkinsci/packaging#261 should fix JENKINS-67075. My vote would be to ship it in a weekly or two and then go for LTS, but @MarkEWaite likely wants to hold off. |
it'll be in the weekly next Tuesday as it's merged. |
At least the Debian packages rely on the
daemon
command to start theserver with appropriate parameters, leveraging the /etc/init.d/jenkins
shell script and the variables set in the /etc/default/jenkins config
file.
The init script calls
/usr/bin/daemon --name=$NAME […]
, with NAMEdefaulting to
jenkins
. Starting with daemon 0.7.0-1 (as found inDebian 11 “Bullseye” and in Ubuntu since Hirsute Hippo), using the
--name
option results in the specified value's being prepended tothe program being started.
This can be checked with:
Therefore, detect and remove such a prefix from the first argument
(the executable). Since the daemon's name is configurable, don't
hardcode "jenkins: ", but strip everything until the first slash if
it's preceeded by a colon and a space.
Signed-off-by: Cyril Brulebois cyril@debamax.com
See JENKINS-67075.
Proposed changelog entries
Submitter checklist
I've written this change on top of my local
stable-2.303
branch (and it can be cherry-picked trivially on top ofmaster
, which is what I'm submitting here), and tested it by deploying the generated war file instead of the one shipped in the Debian package, then using the/safeRestart
entry point to make sure the server does restart correctly. I'm not sure it warrants adding tests in the source code tree.Desired reviewers
Maintainer checklist
Before the changes are marked as
ready-for-merge
:Proposed changelog entries
are correctupgrade-guide-needed
label is set and there is aProposed upgrade guidelines
section in the PR title. (example)lts-candidate
to be considered (see query).