Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Race condition for dsl job queue() and dsl script security

See original GitHub issue

Hi,

I have multiple .yaml files in my CASC_JENKINS_CONFIG folder. One primarily does all the heavy lifting including disabling dsl security, e.g.:

security:
  globaljobdslsecurityconfiguration:
    useScriptSecurity: false

In a separate CASC_JENKINS_CONFIG file I am creating a seed dsl job that pulls in more dsl groovy scripts over git, e.g.:

jobs:
  - script: >
      pipelineJob('dsl-seed-job') {
         definition {
           cps {
             script('''node {
               stage('some_config') {
                  git branch: SOME_BRANCH, credentialsId: SOME_CREDENTIAL_ID, url: SOME_URL
                  jobDsl targets: 'job_dsl/*.groovy'
               ..................................
      }
      queue('dsl-seed-job')

Because this job itself executes wildcard jobDsl scripts, script security must be disabled before it is queued in order for it to run unattended. But from the jenkins log file, it unfortunately consistently queues the job just before the script security parameter is updated, and so it fails to actually run without manual permission / intervention:

Oct 24, 2018 6:41:17 PM javaposse.jobdsl.plugin.JenkinsJobManagement createOrUpdateConfig
INFO: createOrUpdateConfig for dsl-seed-job
Oct 24, 2018 6:41:18 PM hudson.plugins.promoted_builds.integrations.jobdsl.PromotionsExtensionPoint notifyItemCreated
INFO: Creating promotions for dsl-seed-job
Oct 24, 2018 6:41:18 PM io.jenkins.plugins.casc.Attribute setValue
INFO: Setting javaposse.jobdsl.plugin.GlobalJobDslSecurityConfiguration@39f2b7fe.useScriptSecurity = false

If I go login into CasC interface within jenkins management after the container has started and hit ‘Reload Existing Configuration’ without making any yaml changes, the seed job successfully queues.

Is there a way to specify a prerequisite change in CasC so this doesn’t happen, or enforce lexicographical filename order for yaml changes? My current workaround is to use a Datetime() delta and cron schedule the seed job to run in 1 minute which gives the config enough time to finish updating, but it feels like a sloppy workaround.

Jenkins version 2.138.2
Plugin version 1.11
docker jenkins/jenkins:lts

Thanks

Issue Analytics

State:
Created 5 years ago
Comments:12 (7 by maintainers)

Top GitHub Comments

3reactions

weirdbizcommented, Jul 5, 2019

@casz, Hi, just found that with JCasC v.1.22 and Job-DSL v.1.74 this issue still exists. I use freestyleJob to create ‘Process Job DSL’ step. On first clean startup queue() part does not create new build, but if I reload configuration it’s OK. I’m running jenkins/jenkins:lts in Docker and have single .yaml JCasC config file, with the following code:

security:
  globalJobDslSecurityConfiguration:
    useScriptSecurity: false

And then:

jobs:
  - script: >
      freeStyleJob('seed-job') {
          displayName('Seed Job')
          scm {
              git {
                  remote {
                      credentials('git_credentials')
                      url('http://<git_url>/DSL-Jobs.git')
                  }
              }
          }
          steps {
              dsl {
                  external('dsl/*.groovy')
                  removeAction('DELETE')
                  ignoreExisting(false)
                  }
               }
      }
  - script: >
      queue('seed-job')

System log:

Jul 05, 2019 10:18:39 AM INFO javaposse.jobdsl.plugin.JenkinsJobManagement createOrUpdateConfig
createOrUpdateConfig for seed-job
Jul 05, 2019 10:18:44 AM INFO javaposse.jobdsl.plugin.JenkinsJobManagement queueJob
Scheduling build of seed-job from seed-job
Jul 05, 2019 10:18:45 AM WARNING io.jenkins.plugins.casc.BaseConfigurator createAttribute
Can't handle class javaposse.jobdsl.plugin.GlobalJobDslSecurityConfiguration#metaClass: type is abstract but not Describable.
Jul 05, 2019 10:18:45 AM WARNING io.jenkins.plugins.casc.BaseConfigurator createAttribute
Can't handle class javaposse.jobdsl.plugin.GlobalJobDslSecurityConfiguration#metaClass: type is abstract but not Describable.
Jul 05, 2019 10:18:45 AM INFO io.jenkins.plugins.casc.Attribute setValue
Setting javaposse.jobdsl.plugin.GlobalJobDslSecurityConfiguration@2e8a1554.useScriptSecurity = false
Jul 05, 2019 10:18:46 AM INFO io.jenkins.plugins.casc.Attribute setValue
Setting jenkins.model.GlobalConfigurationCategory$Security@480fac94.globalJobDslSecurityConfiguration = javaposse.jobdsl.plugin.GlobalJobDslSecurityConfiguration@2e8a1554

2reactions

jetersencommented, Oct 25, 2018

Just linking #280 🙈

Top Results From Across the Web

Job DSL job generation results in java.nio.file ... - Jenkins Jira

There are two things that can aid this in happening that look like a race condition: Job configuration resides on a NFS drive....

Script Security Plugin - Jenkins

The Script Security plugin ships with a small default whitelist, and integrating plugins may add operations to that list (typically methods specific to...

[JIRA] (JENKINS-53775) FileNotFoundException for program ...

[JIRA] (JENKINS-53775) FileNotFoundException for program.dat when running a Pipeline Job concurrently with the Job DSL plugin. 555 views.

Spring Integration Reference Guide

The reactive() Endpoint; 13.5. DSL and Endpoint Configuration; 13.6. Transformers; 13.7. Inbound Channel Adapters; 13.8. Message Routers; 13.9.

How to handle race conditions in Web Service? - Stack Overflow

I got the following setup: There is a database which handles 'job'-entries. Each job has a status like 'executing' or 'in queue' or...