3.9. Jenkins Build Failures

If a gear running Jenkins is already present when the AUTH_SALT setting is changed in the /etc/openshift/broker.conf file, subsequent Jenkins builds will initially fail with the following:

remote: Executing Jenkins build.
remote: 
remote: You can track your build at https://jenkins-namespace.example.com/job/myapp-build
remote: 
remote: Waiting for build to schedule...........................
remote: **BUILD FAILED/CANCELLED**
remote: Please see the Jenkins log for more details via rhc-tail-files
remote: !!!!!!!!
remote: Deployment Halted!
remote: If the build failed before the deploy step, your previous
remote: build is still running.  Otherwise, your application may be
remote: partially deployed or inaccessible.
remote: Fix the build and try again.
remote: !!!!!!!!

Checking the Jenkins application's logs will reveal the following invalid credential messages:

# rhc tail jenkins
...
WARNING: Caught com.openshift.client.InvalidCredentialsOpenShiftException: Your credentials are not authorized to access "https://broker.example.com/broker/rest/user". Will retry 4 more times before canceling build.
com.openshift.client.InvalidCredentialsOpenShiftException: Your credentials are not authorized to access "https://broker.example.com/broker/rest/user"
...

To address these issues, first restart the broker service:

# service openshift-broker restart

Then run the oo-admin-broker-auth tool to rekey the gears' authorization tokens. To rekey the tokens for all applicable gears, run the tool with the --rekey-all option:

# oo-admin-broker-auth --rekey-all

See the command's --help output and man page for additional options and more detailed use cases.

When the gears are successfully rekeyed, future builds should continue as normal.