Unable to run Jenkins Slave jobs on AWS EC2 Centos 7 VM

Question

I have Jenkins Master Server running on prem and my slaves are running on AWS. It's Centos 7 EC2 VM.

When Jenkins tries to push slave.jar file over scp it fails with the following error message:

    java.io.IOException: Could not open channel (state:4)
    at com.trilead.ssh2.channel.ChannelManager.ioException(ChannelManager.java:1543)
    at com.trilead.ssh2.channel.ChannelManager.waitUntilChannelOpen(ChannelManager.java:122)
    at com.trilead.ssh2.channel.ChannelManager.openSessionChannel(ChannelManager.java:574)
    at com.trilead.ssh2.Session.<init>(Session.java:42)
    at com.trilead.ssh2.Connection.openSession(Connection.java:1145)
    at com.trilead.ssh2.SFTPv3Client.<init>(SFTPv3Client.java:99)
    at com.trilead.ssh2.SFTPv3Client.<init>(SFTPv3Client.java:119)
    at hudson.plugins.sshslaves.SFTPClient.<init>(SFTPClient.java:43)
    at hudson.plugins.sshslaves.SSHLauncher.copySlaveJar(SSHLauncher.java:1138)
    at hudson.plugins.sshslaves.SSHLauncher.access$400(SSHLauncher.java:148)
    at hudson.plugins.sshslaves.SSHLauncher$2.call(SSHLauncher.java:833)
    at hudson.plugins.sshslaves.SSHLauncher$2.call(SSHLauncher.java:810)
    at java.util.concurrent.FutureTask.run(FutureTask.java:266)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
    at java.lang.Thread.run(Thread.java:748)
Caused by: java.io.IOException: The server refused to open the channel (SSH_OPEN_ADMINISTRATIVELY_PROHIBITED, 'open failed')
    at com.trilead.ssh2.channel.Channel.setReasonClosed(Channel.java:331)
    at com.trilead.ssh2.channel.ChannelManager.msgChannelOpenFailure(ChannelManager.java:1392)
    at com.trilead.ssh2.channel.ChannelManager.handleMessage(ChannelManager.java:1484)
    at com.trilead.ssh2.transport.TransportManager.receiveLoop(TransportManager.java:809)
    at com.trilead.ssh2.transport.TransportManager$1.run(TransportManager.java:502)
    ... 1 more
java.io.IOException: Could not copy slave.jar into '/home/nutanix' on slave
    at hudson.plugins.sshslaves.SSHLauncher.copySlaveJarUsingSCP(SSHLauncher.java:1222)
    at hudson.plugins.sshslaves.SSHLauncher.copySlaveJar(SSHLauncher.java:1183)
    at hudson.plugins.sshslaves.SSHLauncher.access$400(SSHLauncher.java:148)
    at hudson.plugins.sshslaves.SSHLauncher$2.call(SSHLauncher.java:833)
    at hudson.plugins.sshslaves.SSHLauncher$2.call(SSHLauncher.java:810)
    at java.util.concurrent.FutureTask.run(FutureTask.java:266)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
    at java.lang.Thread.run(Thread.java:748)
Caused by: java.io.IOException: Could not open channel (state:4)
    at com.trilead.ssh2.channel.ChannelManager.ioException(ChannelManager.java:1543)
    at com.trilead.ssh2.channel.ChannelManager.waitUntilChannelOpen(ChannelManager.java:122)
    at com.trilead.ssh2.channel.ChannelManager.openSessionChannel(ChannelManager.java:574)
    at com.trilead.ssh2.Session.<init>(Session.java:42)
    at com.trilead.ssh2.Connection.openSession(Connection.java:1145)
    at com.trilead.ssh2.Connection.exec(Connection.java:1566)
    at hudson.plugins.sshslaves.SSHLauncher.copySlaveJarUsingSCP(SSHLauncher.java:1216)
    ... 8 more
Caused by: java.io.IOException: The server refused to open the channel (SSH_OPEN_ADMINISTRATIVELY_PROHIBITED, 'open failed')

The solution provided in SSH tunneling error: "channel 1: open failed: administratively prohibited: open failed" did not work for me.

Can you perform the scp via the command line as the jenkins user? — Raman Sailopal, Feb 20 '18 at 15:15

score 0 · Answer 1 · answered Mar 15 '18 at 03:01

There are a few things you can check or try to troubleshoot this:

Check your security groups in AWS to make sure your Jenkins server will be able to access any slave servers via SSH. I'm guessing you already have this in place but its worth a check.
Log into the Jenkins server and try to connect to the slaver server directly from the command line. Make sure you are able to connect that way with no errors. Then, confirm that the user you are connecting to is the same one that Jenkins is trying to use. In your output, I see "Could not copy slave.jar into '/home/nutanix' on slave". In the AWS docutmation for connecing to a linux instance, the username for CentOS systems is centos. Make sure Jenkins is configured to use that username and has access to the key needed to log in as that user.
Consider using the Amazon EC2 plugin for connecting to slaves in AWS. With that plugin, much of the setup is taken care of in a configuration and you don't need to worry about it at the job level. In addition, the slaves will be spun up and down on demand keeping your AWS costs low.

Unable to run Jenkins Slave jobs on AWS EC2 Centos 7 VM

1 Answers1