Page History

...

• Network
  • firewall opening for port tcp/9000 from relevant source agent(s) IP(s) in internal network towards internet in general (destination 0.0.0.0)
    • network layer (using TDS portal network functionality)
    • operating system layer (firewalld if needed)
• Jenkins master
  • running in public
  • listening on JNLP port tcp/9000
    • Go to https://jenkins.xxx.tds.customerx.com/configureSecurity (remember to use correct URL of your Jenkins master)
    • Set "TCP port for inbound agents" to Fixed:9000
    • Open "advanced" and choose "Inbound TCP Agent Protocol/4 (TLS encryption)" (deselect others if not relevant)
  • node added according to the following steps
    • Go to https://jenkins.xxx.tds.customerx.com/computer/new (remember to use correct URL of your Jenkins master)
    • Set "Node name" to relevant name useful for you
    • Choose "Permanent"
    • Set "Remote root directory" to "/home/jenkinsope"
    • Set "Launch method" to "Launch agent by connecting it to the master" previously called "Launch agent via Java Web Start"
  • copy secret/token for connecting agent
    • Go to https://jenkins.xxx.tds.customerx.com/computer/XXX (remember to use correct URL of your Jenkins master and replace XXX with the name of your node)

    • You will see something like:

      Code Block

      Run from agent command line: java -jar agent.jar -jnlpUrl https://jenkins.xxx.tds.customerx.com/computer/test/slave-agent.jnlp -secret 8b2911d98400bad5d45635b812b5f2e8e7c1d216bbbae9422a3ba57c691bf762 -workDir "/home/jenkinsope" Run from agent command line, with the secret stored in a file: echo 8b2911d98400bad5d45635b812b5f2e8e7c1d216bbbae9422a3ba57c691bf762 > secret-file java -jar agent.jar -jnlpUrl https://jenkins.xxx.tds.customerx.com/computer/test/slave-agent.jnlp -secret @secret-file -workDir "/home/jenkinsope"

      Please copy only the secret, which is for example in this case "8b2911d98400bad5d45635b812b5f2e8e7c1d216bbbae9422a3ba57c691bf762"

• Jenkins agent node (slave) - or so-called "on-premise executor"
  • running on a server in the internal network(s)
  • agent service(s) with service auto-start to assure automatic re-connect to Jenkins master at any time even after server reboot
    • Install dependencies

      • CentOS

        Code Block
        yum install java-1.8.0-openjdk-devel git -y # you can install also other dependencies that will be required for your jobs

        
        

      • Ubuntu

        Code Block
        apt-get update; apt-get install openjdk-8-jdk git -y # you can install also other dependencies that will be required for your jobs

        
        

    • Installing agent

      • Prepare a folder for config

        Code Block
        mkdir -p /data/configs

        
        

      • Create service file /tmp/jenkinsope.service

        Code Block
        title jenkinsope.service
        [Unit] Description=Jenkins SlaveAgent - On Premise Executor Wants=network.target After=network.target [Service] # EnvironmentFile cannnot be used on Debian/Ubuntu anymore - Reference: https://github.com/varnishcache/pkg-varnish-cache/issues/24 # So we are using drop-in config /etc/systemd/system/jenkinsope.service.d/local.conf ExecStart=/usr/bin/java -Xms${JAVA_MEMORY} -Xmx${JAVA_MEMORY} -jar /usr/bin/agent.jar -jnlpUrl ${MASTER_URL}/computer/${SLAVENODE_NAME}/slave-agent.jnlp -secret ${SECRET} -workDir "${WORK_DIR}" User=jenkinsope Restart=always RestartSec=10 StartLimitInterval=0 [Install] WantedBy=multi-user.target

        
        

      • Create config file /data/configs/jenkinsope.conf

        Code Block
        JAVA_MEMORY=512m MASTER_URL=https://jenkins.xxx.tds.customerx.com SLAVENODE_NAME=XXX SECRET=8b2911d98400bad5d45635b812b5f2e8e7c1d216bbbae9422a3ba57c691bf762 WORK_DIR=/home/jenkinsope

        
        

      • Create script /tmp/jenkinsope-install.sh

        Code Block

        useradd -m -s /bin/bash jenkinsope mkdir -p /home/jenkinsope/.ssh chmod 700 /home/jenkinsope/.ssh touch /home/jenkinsope/.ssh/config chmod 600 /home/jenkinsope/.ssh/* chown jenkinsope:jenkinsope -R /home/jenkinsope/.ssh source /data/configs/jenkinsope.conf wget ${MASTER_URL}/jnlpJars/agent.jar -O /usr/bin/agent.jar chmod 644 /usr/bin/agent.jar install -D -m 644 /tmp/jenkinsope.service /usr/lib/systemd/system/jenkinsope.service mkdir -p /etc/systemd/system/jenkinsope.service.d echo "[Service]" > /etc/systemd/system/jenkinsope.service.d/local.conf sed 's#^#Environment=#g' /data/configs/jenkinsope.conf >> /etc/systemd/system/jenkinsope.service.d/local.conf systemctl daemon-reload systemctl restart jenkinsope systemctl enable jenkinsope systemctl status jenkinsope

        
        

      • Run install script

        Code Block
        chmod +x /tmp/jenkinsope-install.sh /tmp/jenkinsope-install.sh

        
        

    • Uninstalling agent (for cleanup purposes or if you messed up something)

      • Create script /tmp/jenkinsope-uninstall.sh

        Code Block
        systemctl disable jenkinsope systemctl stop jenkinsope rm -f /usr/lib/systemd/system/jenkinsope.service rm -rf /etc/systemd/system/jenkinsope.service.d systemctl daemon-reload userdel -r jenkinsope rm -rf /home/jenkinsope

        
        

      • Run install script

        Code Block
        chmod +x /tmp/jenkinsope-uninstall.sh /tmp/jenkinsope-uninstall.sh

        
        

...