Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Bamboo Remote Agent running Docker AWS ECS security token issue

Phill Pafford
Phill Pafford April 28, 2023

The issue: How to set the name of the remote agent and configure the agent authentication using the security token

We are building our own image as mentioned here 

example Dockerfile 

FROM atlassian/bamboo-agent-base:9.1.1

############################
## bamboo remote agent envs
############################
ENV BAMBOO_SERVER="https://bamboo.server"
ENV IGNORE_SERVER_CERT_NAME=true
ENV ALLOW_EMPTY_ARTIFACTS=true

############################
## install Docker in Docker
############################
COPY --from=docker:dind /usr/local/bin/docker /usr/local/bin/

## Install and configure the build server capabilities

COPY ./entrypoint.sh /data/entrypoint.sh
RUN chmod 777 /data/entrypoint.sh

ENTRYPOINT ["/data/entrypoint.sh"]

example entrypoint.sh

#!/bin/bash

## configure bamboo-agent.cfg.xml
cp /data/template.bamboo-agent.cfg.xml /var/atlassian/application-data/bamboo-agent/bamboo-agent.cfg.xml
chmod 644 /var/atlassian/application-data/bamboo-agent/bamboo-agent.cfg.xml
chown bamboo:bamboo /var/atlassian/application-data/bamboo-agent/bamboo-agent.cfg.xml

# set env for bamboo agent authentication 
## I'm pulling this value from a secret provider where I have the security toekn value
## https://confluence.atlassian.com/bamboo/agent-authentication-289277196.html
SECURITY_TOKEN=$(echo "${DATA}" | jq -r '."BAMBOO_REMOTE_AGENT_SECURITY_TOKEN"')

## add bamboo SECURITY_TOKEN to environment variable
export SECURITY_TOKEN=$SECURITY_TOKEN

## add bamboo SECURITY_TOKEN to /entrypoint.py from docker-bamboo-agent-base
sed -i -f - /entrypoint.py << EOF
s/SECURITY_TOKEN = env.get(SECURITY_TOKEN_KEY) if env.get(SECURITY_TOKEN_KEY) else BAMBOO_EPHEMERAL_AGENT_DATA_MAP.get(SECURITY_TOKEN_KEY)/SECURITY_TOKEN = '$SECURITY_TOKEN' \nenv[SECURITY_TOKEN] = SECURITY_TOKEN/g
EOF

## SECURITY_TOKEN needs to be set before entrypoint runs from docker-bamboo-agent-base
#sed -i "7 i SECURITY_TOKEN=$SECURITY_TOKEN" /runAgent.sh ## did not work

## entrypoint from docker-bamboo-agent-base
/entrypoint.py --log=INFO

example template.bamboo-agent.cfg.xml

<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<configuration>
  <buildWorkingDirectory>/var/atlassian/application-data/bamboo-agent/xml-data/build-dir</buildWorkingDirectory>
  <agentDefinition>
    <name>remote-agent-1</name>
    <description>remote-agent-1</description>
  </agentDefinition>
</configuration>

No matter what I do I always have to Approve Access to the remote agent as the security token does not get set. 

 

Question: How can I set the Security Token and the Agent Name

 

EDIT

I did just see the temp file: uuid-temp.properties

cat uuid-temp.properties 
#Agent UUID stored here temporarily until the agent is approved 
#Thu Apr 27 22:43:25 EDT 2023 
agentUuid=598a6816-d40f-4067-aa1d-53c7cefbb7fc

this looks to be the file to populate the in 

<configuration>
  <buildWorkingDirectory>/var/atlassian/application-data/bamboo-agent/xml-data/build-dir</buildWorkingDirectory>
  <agentUuid>598a6816-d40f-4067-aa1d-53c7cefbb7fc</agentUuid>
    <agentDefinition>
    <id>1234567</id>
    <name>remote-agent-1</name>
    <description>remote-agent-1</description>
  </agentDefinition>
</configuration>

I have not found it but if the Bamboo dev team happen to look at this ticket, would it be possible to implement something like this for the Security Token?

 

example: create a security-token.properties file as an alternative to the environment variable

NOTE: pseudo example, file doesn't exist

cat security-token.properties 
#Agent Security Token stored here to automate the agent authentication 
#Thu Apr 27 22:43:25 EDT 2023 
securityToken=ac3eq86b587026br1d7b3a1tdecf991b89ycd71u

 

EDIT

I see the security token is being passed, but it's still not working

INFO:root:Running Bamboo Agent with command '/opt/java/openjdk/bin/java', arguments ['/opt/java/openjdk/bin/java', '-Dbamboo.home=/var/atlassian/application-data/bamboo-agent', '-jar', '/opt/atlassian/bamboo/atlassian-bamboo-agent-installer.jar', 'https://bamboo.server/agentServer', '-t', 'ac3eq86b587026br1d7b3a1tdecf991b89ycd71u']

 

Answer
Watch
Like Be the first to like this
742 views

1 answer

1 accepted

Suggest an answer

Log in or Sign up to answer
0 votes
Answer accepted
Yevhen
Yevhen
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
May 1, 2023

Hi @Phill Pafford when you say it's not working, do you mean security token never makes it to the server? What behavior do you see when the remote agent starts? Anything helpful in logs? Also, do you see the agent in remote agents page on Bamboo server side? If so, which status is it?

View More Comments
Reply
Phill Pafford
Phill Pafford May 1, 2023

slimmed down version, but hopefully you see the gist 


SECURITY_TOKEN: ac3eq86b587026br1d7b3a1tdecf991b89ycd71u

INFO:root:/var/atlassian/application-data/bamboo-agent/conf/wrapper.conf exists; skipping.
INFO:root:User is currently root. Will downgrade run user to bamboo
WARNING:root:Unsetting environment var SECURITY_TOKEN
INFO:root:Running Bamboo Agent with command '/opt/java/openjdk/bin/java', arguments ['/opt/java/openjdk/bin/java', '-Dbamboo.home=/var/atlassian/application-data/bamboo-agent', '-jar', '/opt/atlassian/bamboo/atlassian-bamboo-agent-installer.jar', 'https://bamboo.server/agentServer', '-t', 'ac3eq86b587026br1d7b3a1tdecf991b89ycd71u']
Installing agent wrapper
Unzipping /classpath.zip to /var/atlassian/application-data/bamboo-agent/classpath
Could not find source file /classpath.zip
Agent installed
Running [/var/atlassian/application-data/bamboo-agent/bin/bamboo-agent.sh, console]
Agent process started, shutdown hook registered, proceeding with log pump...
Running Bamboo Agent...
Removed stale pid file: /var/atlassian/application-data/bamboo-agent/bin/bamboo-agent.pid
STATUS | wrapper | 2023/05/01 16:24:26 | --> Wrapper Started as Console
STATUS | wrapper | 2023/05/01 16:24:26 | Java Service Wrapper Standard Edition 64-bit 3.5.51
STATUS | wrapper | 2023/05/01 16:24:26 | Copyright (C) 1999-2022 Tanuki Software, Ltd. All Rights Reserved.
STATUS | wrapper | 2023/05/01 16:24:26 | http://wrapper.tanukisoftware.com
STATUS | wrapper | 2023/05/01 16:24:26 | Licensed to Atlassian Pty Ltd for Bamboo Remote Agent
STATUS | wrapper | 2023/05/01 16:24:26 |
STATUS | wrapper | 2023/05/01 16:24:26 | Launching a JVM...
INFO | jvm 1 | 2023/05/01 16:24:27 | WrapperManager: Initializing...
INFO | jvm 1 | 2023/05/01 16:24:27 | 2023-05-01 16:24:27,538 INFO [WrapperSimpleAppMain] [RemoteAgentBootstrap] Starting Agent Bootstrap using Java 11.0.18 from Eclipse Adoptium. Default charset: UTF-8, file name encoding: UTF-8
INFO | jvm 1 | 2023/05/01 16:24:27 | 2023-05-01 16:24:27,541 INFO [WrapperSimpleAppMain] [RemoteAgentBootstrap] Agent bootstrap using endpoint: https://bamboo.server/agentServer
INFO | jvm 1 | 2023/05/01 16:24:27 | 2023-05-01 16:24:27,544 INFO [WrapperSimpleAppMain] [RemoteAgentHomeLocatorForBootstrap] Using agent home located at [/var/atlassian/application-data/bamboo-agent]
INFO | jvm 1 | 2023/05/01 16:24:27 | 2023-05-01 16:24:27,544 INFO [WrapperSimpleAppMain] [RemoteAgentHomeLocatorForBootstrap] Using agent home located at [/var/atlassian/application-data/bamboo-agent]
INFO | jvm 1 | 2023/05/01 16:24:27 | 2023-05-01 16:24:27,587 INFO [WrapperSimpleAppMain] [AgentUuidInitializer] Found agent UUID '86ed4752-cee6-4f64-95b1-d5405061fc97' in agent config file
INFO | jvm 1 | 2023/05/01 16:24:27 | 2023-05-01 16:24:27,587 INFO [WrapperSimpleAppMain] [RemoteAgentHomeLocatorForBootstrap] Using agent home located at [/var/atlassian/application-data/bamboo-agent]
INFO | jvm 1 | 2023/05/01 16:24:27 | 2023-05-01 16:24:27,590 INFO [WrapperSimpleAppMain] [AgentIdInitializer] Found agent id '5537813' in agent config file
INFO | jvm 1 | 2023/05/01 16:24:27 | 2023-05-01 16:24:27,591 INFO [WrapperSimpleAppMain] [AgentContext] Requesting fingerprint, url: https://bamboo.server/agentServer/GetFingerprint.action?hostName=blarg.compute.internal&version=4&agentUuid=86ed4752-cee6-4f64-95b1-d5405061fc97&securityToken=ac3eq86b587026br1d7b3a1tdecf991b89ycd71u&agentId=5537813
INFO | jvm 1 | 2023/05/01 16:24:27 | 2023-05-01 16:24:27,593 INFO [WrapperSimpleAppMain] [RemoteAgentHttpClientFactory] Creating a new HTTP client...
INFO | jvm 1 | 2023/05/01 16:24:27 | 2023-05-01 16:24:27,739 INFO [WrapperSimpleAppMain] [AgentContext] Authenticating against Bamboo server at https://bamboo.server/agentServer/
INFO | jvm 1 | 2023/05/01 16:24:27 | 2023-05-01 16:24:27,898 WARN [WrapperSimpleAppMain] [AgentContext]
INFO | jvm 1 | 2023/05/01 16:24:27 |
INFO | jvm 1 | 2023/05/01 16:24:27 | ********************************************************************************
INFO | jvm 1 | 2023/05/01 16:24:27 | *
INFO | jvm 1 | 2023/05/01 16:24:27 | * This agent requires manual approval.
INFO | jvm 1 | 2023/05/01 16:24:27 | * UUID: 86ed4752-cee6-4f64-95b1-d5405061fc97
INFO | jvm 1 | 2023/05/01 16:24:27 | * Message from the server is:
INFO | jvm 1 | 2023/05/01 16:24:27 | * Approve this agent at 'https://bamboo.server/admin/agent/viewAgents.action?focusUuid=86ed4752-cee6-4f64-95b1-d5405061fc97&selectedTab=Agent+authentication'. Check that the IP is correct.
INFO | jvm 1 | 2023/05/01 16:24:27 | * Next authentication attempt in 60 seconds...

as you can see the security token is being set as an argument, but This agent requires manual approval 

 

when you say it's not working, do you mean security token never makes it to the server? I see it in the command as a argument

What behavior do you see when the remote agent starts?

It starts normal but requires manual approval

Anything helpful in logs?

see above

Also, do you see the agent in remote agents page on Bamboo server side?

Yes

If so, which status is it?

Pending Approval

Like
Yevhen
Yevhen
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
May 1, 2023

Looks like expected behavior to me. See: https://confluence.atlassian.com/bamboo/agent-authentication-289277196.html

Like
Phill Pafford
Phill Pafford May 1, 2023

You're right, I'm not sure why I had it in my mind that this process would remove the need to manually approve, but looks like it's used to stop communication with the main server

 

Enable token verification to ask all remote agents to provide the token during the initial contact with the Bamboo server. Once you enable the verification, all agents that try to connect to Bamboo without the token are rejected before leaving any trail in Bamboo. By default, the feature is disabled for Bamboo Server. 

Like
groups-icon
Data Center
TAGS
AUG Leaders

Atlassian Community Events

    See all events