...
- Network
- firewall opening for port tcp/9000 from relevant source agent(s) IP(s) in internal network towards internet in general (destination 0.0.0.0)
- network layer (using TDS portal network functionality)
- operating system layer (firewalld if needed)
- firewall opening for port tcp/9000 from relevant source agent(s) IP(s) in internal network towards internet in general (destination 0.0.0.0)
- Jenkins master
- running in public
- listening on JNLP port tcp/9000
- Go to https://jenkins.xxx.tds.customerx.com/configureSecurity (remember to use correct URL of your Jenkins master)
- Set "TCP port for inbound agents" to Fixed:9000
- Open "advanced" and choose "Inbound TCP Agent Protocol/4 (TLS encryption)" (deselect others if not relevant)
- node added according to the following steps
- Go to https://jenkins.xxx.tds.customerx.com/computer/new (remember to use correct URL of your Jenkins master)
- Set "Node name" to relevant name useful for you
- Choose "Permanent"
- Set "Remote root directory" to "/home/jenkinsope"
- Set "Launch method" to "Launch agent by connecting it to the master" previously called "Launch agent via Java Web Start"
- copy secret/token for connecting agent
- Go to https://jenkins.xxx.tds.customerx.com/computer/XXX (remember to use correct URL of your Jenkins master and replace XXX with the name of your node)
You will see something like:
Code Block Run from agent command line: java -jar agent.jar -jnlpUrl https://jenkins.xxx.tds.customerx.com/computer/test/slave-agent.jnlp -secret 8b2911d98400bad5d45635b812b5f2e8e7c1d216bbbae9422a3ba57c691bf762 -workDir "/home/jenkinsope" Run from agent command line, with the secret stored in a file: echo 8b2911d98400bad5d45635b812b5f2e8e7c1d216bbbae9422a3ba57c691bf762 > secret-file java -jar agent.jar -jnlpUrl https://jenkins.xxx.tds.customerx.com/computer/test/slave-agent.jnlp -secret @secret-file -workDir "/home/jenkinsope"
Please copy only the secret, which is for example in this case "8b2911d98400bad5d45635b812b5f2e8e7c1d216bbbae9422a3ba57c691bf762"
- Jenkins agent node (slave) - or so-called "on-premise executor"
- running on a server in the internal network(s)
- agent service(s) with service auto-start to assure automatic re-connect to Jenkins master at any time even after server reboot
- Install dependencies
CentOS
Code Block yum install java-1.8.0-openjdk-devel git -y # you can install also other dependencies that will be required for your jobs
Ubuntu
Code Block apt-get update; apt-get install openjdk-8-jdk git -y # you can install also other dependencies that will be required for your jobs
- Installing agent
Prepare a folder for config
Code Block mkdir -p /data/configs
Create service file /tmp/jenkinsope.service
Code Block title jenkinsope.service [Unit] Description=Jenkins SlaveAgent - On Premise Executor Wants=network.target After=network.target [Service] # EnvironmentFile cannnot be used on Debian/Ubuntu anymore - Reference: https://github.com/varnishcache/pkg-varnish-cache/issues/24 # So we are using drop-in config /etc/systemd/system/jenkinsope.service.d/local.conf ExecStart=/usr/bin/java -Xms${JAVA_MEMORY} -Xmx${JAVA_MEMORY} -jar /usr/bin/agent.jar -jnlpUrl ${MASTER_URL}/computer/${SLAVENODE_NAME}/slave-agent.jnlp -secret ${SECRET} -workDir "${WORK_DIR}" User=jenkinsope Restart=always RestartSec=10 StartLimitInterval=0 [Install] WantedBy=multi-user.target
Create config file /data/configs/jenkinsope.conf
Code Block JAVA_MEMORY=512m MASTER_URL=https://jenkins.xxx.tds.customerx.com SLAVENODE_NAME=XXX SECRET=8b2911d98400bad5d45635b812b5f2e8e7c1d216bbbae9422a3ba57c691bf762 WORK_DIR=/home/jenkinsope
Create script /tmp/jenkinsope-install.sh
Code Block useradd -m -s /bin/bash jenkinsope mkdir -p /home/jenkinsope/.ssh chmod 700 /home/jenkinsope/.ssh touch /home/jenkinsope/.ssh/config chmod 600 /home/jenkinsope/.ssh/* chown jenkinsope:jenkinsope -R /home/jenkinsope/.ssh source /data/configs/jenkinsope.conf wget ${MASTER_URL}/jnlpJars/agent.jar -O /usr/bin/agent.jar chmod 644 /usr/bin/agent.jar install -D -m 644 /tmp/jenkinsope.service /usr/lib/systemd/system/jenkinsope.service mkdir -p /etc/systemd/system/jenkinsope.service.d echo "[Service]" > /etc/systemd/system/jenkinsope.service.d/local.conf sed 's#^#Environment=#g' /data/configs/jenkinsope.conf >> /etc/systemd/system/jenkinsope.service.d/local.conf systemctl daemon-reload systemctl restart jenkinsope systemctl enable jenkinsope systemctl status jenkinsope
Run install script
Code Block chmod +x /tmp/jenkinsope-install.sh /tmp/jenkinsope-install.sh
- Uninstalling agent (for cleanup purposes or if you messed up something)
Create script /tmp/jenkinsope-uninstall.sh
Code Block systemctl disable jenkinsope systemctl stop jenkinsope rm -f /usr/lib/systemd/system/jenkinsope.service rm -rf /etc/systemd/system/jenkinsope.service.d systemctl daemon-reload userdel -r jenkinsope rm -rf /home/jenkinsope
Run install script
Code Block chmod +x /tmp/jenkinsope-uninstall.sh /tmp/jenkinsope-uninstall.sh
- Install dependencies
...