Jenkins IllegalArgumentException while adding a new slave

Question

I want to add a new slave to Jenkins. When I followed the Jenkins UI, it gives me the command below

java -jar agent.jar -jnlpUrl http://<jenkins_url>/computer/<slave_name>/slave-agent.jnlp -secret 4b59708a20e155c8ccb39f1fb046be09f72c712ed839401195c475d5fdb2b0e5

When I tried to execute that command, its output like below:

Exception in thread "main" java.lang.IllegalArgumentException: IV buffer too short for given offset/length combination
        at javax.crypto.spec.IvParameterSpec.<init>(IvParameterSpec.java:80)
        at hudson.remoting.Launcher.parseJnlpArguments(Launcher.java:515)
        at hudson.remoting.Launcher.run(Launcher.java:325)
        at hudson.remoting.Launcher.main(Launcher.java:283)

Could you please help me about this error? Any help will be appreciated. Thanks in advance.

Best Regards.

Answer 1

I reviewed the setting of the IV length in Jenkins code as well as in the Jenkins agents code (remoting) and it seems to be consistently set to 16 bytes everywhere.

However, by running curl to GET the slave-agent.jnlp URL ($JENKINS_URL/computer/$node_name/slave-agent.jnlp), I found that the http:// URL which I thought I should be using returns just "302 Found" with the "location" header set to the same URL but with https://. curling that, I saw messages about missing permissions in Jenkins (to Read, then to Connect agents). Adding those for anonymous users (at $JENKINS_URL/configureSecurity, using matrix-based security) resolved that issue for me.

Or rather, it turned it into another issue, which was "Connection refused". It took me another while to figure out that -- for our Jenkins master running in a container -- in the Global Security configuration, "TCP port for inbound agents" must be set to the container-internal port, while in the node configuration, "Tunnel connection through" has to be set to the external port.

I hope my debugging exercise will be at least partially applicable in your context, too.