Fixing the Jenkins ‘failed to connect’ issues for Github repos
I have been recently using Jenkins on Microsoft Azure cloud to build and deploy the GOMAPsingularity image to Cyverse.
My Jenkins setup runs on a smaller Azure Virtual Machine that creates other bigger VMs as necessary to build the GOMAP singularity image. It was an exciting journey to setup the VM, Jenkins and connect Jenkins to automatically create new machine as needed. Another story for another time.
Jenkins was working perfectly fine when I had the Azure VM open to the internet with the ports directly exposed. I added the custom domains and started locking down the ports and the webhooks started throwing errors.
I went through several iterations of port configurations to get this working. Maybe someone smarter than me would have it figured all out in less time, but it’s a learning curve I am willing to power though.
Initially the issue was that I made the ports too tight and disallowed all ports for inbound connections were not open. The fix was to add the correct IP address ranges Github meta to the Azure VM
1 2 3 4 # Github API Address ranges 18.104.22.168/22,22.214.171.124/22,126.96.36.199/20,188.8.131.52/32,184.108.40.206/32,220.127.116.11/32,18.104.22.168/32,22.214.171.124/32,126.96.36.199/32,188.8.131.52/32,184.108.40.206/32,220.127.116.11/32,18.104.22.168/32,22.214.171.124/32,126.96.36.199/32,188.8.131.52/32,184.108.40.206/32,220.127.116.11/32 # Github hooks address ranges 18.104.22.168/22,22.214.171.124/22,126.96.36.199/20
Now the hooks work as expected and are as secure as I could get them.
Note: Strange though. Jenkins logs show that the hook events always are received from
188.8.131.52/24 CIDR range, but this range is not in either the Github API or hook address ranges.