Page History

...

• Network
  • firewall opening for port tcp/9000 from relevant source agent(s) IP(s) in internal network towards internet in general (destination 0.0.0.0)
    • network layer (using TDS portal network functionality)
    • operating system layer (firewalld if needed)
• Jenkins controller running in public
  
  • Decide which port you are going to use as we use fixed setup in our case. We are choosing 9000 in this guide.
  • Make sure to have port 9000 opened:
    • on network/firewall layer - Firewall

    • in OS level, for example firewalld:

      Code Block
      firewall-cmd --add-port=9000/tcp --permanent firewall-cmd --reload

      
      

  • Listening on JNLP port tcp/9000
    • Go to https://jenkins.xxx.tds.customerx.com/configureSecurity (remember to use correct URL of your Jenkins controller)
    • Set "TCP port for inbound agents" to Fixed:9000
    • Open "advanced" and choose "Inbound TCP Agent Protocol/4 (TLS encryption)" (deselect others if not relevant)
  • node added according to the following steps
    • Go to https://jenkins.xxx.tds.customerx.com/computer/new (remember to use correct URL of your Jenkins controller)
    • Set "Node name" to relevant name useful for you
    • Choose "Permanent"
    • Set "Remote root directory" to "/home/jenkins-agent"
    • Set "Launch method" to "Launch agent by connecting it to the controller" previously called "Launch agent via Java Web Start"
    • Click "Save"
  • now go to newly created node and copy secret/token for connecting agent
    • Go to https://jenkins.xxx.tds.customerx.com/computer/XXX (remember to use correct URL of your Jenkins controller and replace XXX with the name of your node)

    • You will see something like:

      Code Block

      Run from agent command line: java -jar agent.jar -jnlpUrl https://jenkins.xxx.tds.customerx.com/computer/test/slave-agent.jnlp -secret 8b2911d98400bad5d45635b812b5f2e8e7c1d216bbbae9422a3ba57c691bf762 -workDir "/home/jenkins-agent" Run from agent command line, with the secret stored in a file: echo 8b2911d98400bad5d45635b812b5f2e8e7c1d216bbbae9422a3ba57c691bf762 > secret-file java -jar agent.jar -jnlpUrl https://jenkins.xxx.tds.customerx.com/computer/test/slave-agent.jnlp -secret @secret-file -workDir "/home/jenkins-agent"

      Please copy only the secret, which is for example in this case "8b2911d98400bad5d45635b812b5f2e8e7c1d216bbbae9422a3ba57c691bf762"

• running in public
• Jenkins agent node (slave) - or so-called "on-premise executor"
  • running on a server in the internal network(s)
  • agent service(s) with service auto-start to assure automatic re-connect to Jenkins controller at any time even after server reboot
    • Install dependencies

      • CentOS

        Code Block
        yum install java-1.8.011-openjdk-devel git -y # you can install also other dependencies that will be required for your jobs

        
        

      • Ubuntu

        Code Block
        apt-get update; apt-get install openjdk-811-jdk git -y # you can install also other dependencies that will be required for your jobs

        
        

    • Installing agent

      • Prepare a folder for config

        Code Block
        mkdir -p /data/configs mkdir -p /opt/jenkins-agent

        
        

      • Create service file /opt/jenkins-agent/jenkins-agent.service

        Code Block
        title jenkinsope.service
        [Unit] Description=Jenkins Agent - On Premise Executor Wants=network.target After=network.target [Service] # EnvironmentFile cannnot be used on Debian/Ubuntu anymore - Reference: https://github.com/varnishcache/pkg-varnish-cache/issues/24 # So we are using drop-in config /etc/systemd/system/jenkins-agent.service.d/local.conf ExecStart=/usr/bin/java -Xms${JAVA_MEMORY} -Xmx${JAVA_MEMORY} -jar /opt/jenkins-agent/agent.jar -jnlpUrl ${CONTROLLER_URL}/computer/${NODE_NAME}/jenkins-agent.jnlp -secret ${SECRET} -workDir "${WORK_DIR}" User=jenkins-agent Restart=always RestartSec=10 StartLimitInterval=0 [Install] WantedBy=multi-user.target

        
        

      • Create config file /data/configs/jenkins-agent.conf

        Code Block
        JAVA_MEMORY=512m CONTROLLER_URL=https://jenkins.xxx.tds.customerx.com NODE_NAME=XXX SECRET=8b2911d98400bad5d45635b812b5f2e8e7c1d216bbbae9422a3ba57c691bf762 WORK_DIR=/home/jenkins-agent

        
        

      • Create script /opt/jenkins-agent/jenkins-agent-install

        Code Block

        #!/bin/bash AGENT_APP_HOME=/opt/jenkins-agent SERVICE_USER=jenkins-agent MAINCONFIG=/data/configs/jenkins-agent.conf OLD_CONF=/data/configs/jenkinsope.conf if [ -f $OLD_CONF ];then mv -f $OLD_CONF $MAINCONFIG;fi source $MAINCONFIG OLD_USER=jenkinsope OLD_HOME=/home/$OLD_USER if [ -d $OLD_HOME ];then sed -i 's#^WORK_DIR.*#WORK_DIR=/home/jenkins-agent#g' $MAINCONFIG  sed -i 's#^MASTER_URL#CONTROLLER_URL#g' $MAINCONFIG source $MAINCONFIG # Stopping old service systemctl stop jenkinsope sleep 10 mv $OLD_HOME $WORK_DIR userdel -rf $OLD_USER rm -rf /etc/systemd/system/jenkins-agent.service.d rm -f /usr/lib/systemd/system/jenkinsope.service fi useradd -m -s /bin/bash $SERVICE_USER 2> /dev/null mkdir -p $WORK_DIR/.ssh chmod 700 $WORK_DIR/.ssh touch $WORK_DIR/.ssh/config chmod 600 $WORK_DIR/.ssh/* echo "Changing ownership of home/work folder ($WORK_DIR) and its content (can take long time with many files)..." chown $SERVICE_USER:$SERVICE_USER -R $WORK_DIR curl -s ${CONTROLLER_URL}/jnlpJars/agent.jar -o $AGENT_APP_HOME/agent.jar chmod 644 $AGENT_APP_HOME/agent.jar install -D -m 644 $AGENT_APP_HOME/jenkins-agent.service /usr/lib/systemd/system/jenkins-agent.service mkdir -p /etc/systemd/system/jenkins-agent.service.d echo "[Service]" > /etc/systemd/system/jenkins-agent.service.d/local.conf sed 's#^#Environment=#g' $MAINCONFIG >> /etc/systemd/system/jenkins-agent.service.d/local.conf systemctl daemon-reload systemctl restart jenkins-agent systemctl enable jenkins-agent systemctl status jenkins-agent echo "0 4 * * * root $AGENT_APP_HOME/jenkins-agent-install" > /etc/cron.d/jenkins-agent-update

        
        

      • Run install script

        Code Block
        chmod +x /opt/jenkins-agent/jenkins-agent-install /opt/jenkins-agent/jenkins-agent-install

        
        

    • Uninstalling agent (for cleanup purposes or if you messed up something)

      • Create script /opt/jenkins-agent/jenkins-agent-uninstall

        Code Block
        systemctl disable jenkins-agent systemctl stop jenkins-agent rm -f /usr/lib/systemd/system/jenkins-agent.service rm -rf /etc/systemd/system/jenkins-agent.service.d systemctl daemon-reload userdel -r jenkins-agent rm -rf /home/jenkins-agent

        
        

      • Run install script

        Code Block
        chmod +x /opt/jenkins-agent/jenkins-agent-uninstall /opt/jenkins-agent/jenkins-agent-uninstall

        
        

...