svn post-commit call to jenkins build http failure

Question

When I attempt to call a Jenkins build via the post-commit script svn returns an access denied failure. Using the directions at https://wiki.jenkins-ci.org/display/JENKINS/Subversion+Plugin my first attempts followed with the specific configuration Jenkins was in.

First Jenkins configuration:
[x] Enable Security => Jenkins’s own user database
[x] Prevent Cross Site Request Forgery exploits (w/ & w/out Default Crumb Issuer enabled)
This returned

Error: Connecting to SERVER_IP:8080... failed: Permission denied.

After this failed several times using various wget options such as http-user, user, http-password, password, etc I changed the Jenkins server configuration to stop using the CSRF. This also failed. I passed the user API token, job API token, and plain user-name/password. When these failed I attempted to call the jobs from the commandline itself with wget and amazingly it succeeded.

Current Jenkins Configuration:
All security options disabled. I"m not using users and I am not using tokens or anything.

The SVN post-commit file only has one command in it.

wget http://SERVER_IP:8080/job/JOB_trunk/build?token=BUILD --tries=2 --timeout=2

This works from the command line. Jenkins builds the job. Jenkins does not run the build as the user I provide wget with --http-user and --http-password. While it doesn't build as the user I want it at least builds, with and without the ?token option.

If I run the post-commit hook using sudo /var/svn/JOB/hooks/post-commit the Jenkins build runs.

Every time I make a commit to svn, the post-commit hook is run and attempts to trigger the Jenkins build and I get back the below error.

Error: post-commit hook failed (exit code 1) with output:  
Error: --2013-08-21 21:36:37--  http://SERVER_IP:8080/job/JOB_trunk/build?token=BUILD  
Error: Connecting to SERVER_IP:8080... failed: Permission denied.  

While I can build things manually, poll for svn changes, or etc... I am interested in only triggering builds from the post-commit hook.

The SVN server is running on CentOS6.
Jenkins is running on Win7.

For testing purposes I tried to trigger the build by using the su command from the script and continued to have problems. It successfully builds the job if I run the script from the command line, it does not trigger the build when the svn commit triggers the hook.

/bin/su -c `wget http://SERVER_IP:8080/job/JOB_trunk/build --tries=2 --timeout=2

Any insight as to what is happening would make me a very happy person and extraordinarily thankful after a week and hours of attempting to get it working.

Answer 1

(I assume the "wget wget" in your post-commit file is a typo.)

For me your CentOS6 server has some network kernel issues.

Right now I am wondering which command prints "failed: Permission denied". I've never seen wget fail like that and it looks more like a local system failure (like open() system call failing).

To confirm such an issue, try doing wget to a different address, like google.com, as non root user. Does it work ?

Also use strace to find out more.

strace wget etc

and take note of the failing line.

If so, have you compiled your own kernel ? Have you set CONFIG_ADROID_PARANOID_NETWORK to true ?

Note: for CSRF protected sites, you need to add extra parameters to download the crumb (this is defined in the Subversion plugin page.