Hank Brekke

December 18, 2017,

Upgrading to Security Tokens on Bamboo Remote Agents

Okay, this was a rough one to figure out. Using Atlassian Bamboo for CI/CD software behind AWS CloudFront left us with a few implementation quirks that we needed to resolve. Most notably, the IP Address-based Agent Authentication (the default security option) causes remote agents with static or elastic IP’s to still get rejected whenever CloudFront’s proxying IP address changes.

We switched to Security Token Verification and updated our remote agents’ wrappers to include -t [token], but we were still seeing this error message in our service logs:

********************************************************************************
*
* An error occurred while contacting the server. Message from the server is:
* Security token is required for preliminary authentication, but none was provided.
Please obtain the token from [server-url]/admin/agent/addRemoteAgent.action
* Agent will now shut down.
*
********************************************************************************

To successfully get existing Bamboo Remote Agents running after the switch, you also need to update each agent’s conf/wrapper.conf file before the remote agent will property send the security token when connecting. Here’s how you can solve the security token issue:

  1. Add -t [token] given from Remote Agent Installation page in Bamboo (like normal) to the java -jar ... command you use for launching the agent.
  2. Edit ./bamboo-agent-home/conf/wrapper.conf (probably using vim), and scroll to the wrapper.app.parameter.0= line in this file (about half way into the file). You should see your server URL stored here.
  3. In the wrapper.app.parameter.3= parameter, paste the security token (without -t) from Bamboo, and save the file.
  4. Restart the Bamboo Remote Agent.

Why Bamboo caches the security token but still asks you to pass it in when running the wrapper, who knows 🤷‍♂️, but what I can say, is that the conf/wrapper.conf file appears to have a higher priority when running the agent.

Does this help? Are you interested in how HouseRater builds software with Bamboo behind a CloudFront SSL proxy? Let me know on Twitter your thoughts, I’m available at @hnryjms.

Up Next
Custom Camera Overlay View on iPhone X