...
- Network
- firewall opening for port tcp/9000 from relevant source agent(s) IP(s) in internal network towards internet in general (destination 0.0.0.0)
- network layer (using TDS portal network functionality)
- operating system layer (firewalld if needed)
- firewall opening for port tcp/9000 from relevant source agent(s) IP(s) in internal network towards internet in general (destination 0.0.0.0)
- Jenkins controller running in public
- Decide which port you are going to use as we use fixed setup in our case. We are choosing 9000 in this guide.
- Make sure to have port 9000 opened:
- on network/firewall layer - Firewall
in OS level, for example firewalld:
Code Block firewall-cmd --add-port=9000/tcp --permanent firewall-cmd --reload
- Listening on JNLP port tcp/9000
- Go to https://jenkins.xxx.tds.customerx.com/configureSecurity (remember to use correct URL of your Jenkins controller)
- Set "TCP port for inbound agents" to Fixed:9000
- Open "advanced" and choose "Inbound TCP Agent Protocol/4 (TLS encryption)" (deselect others if not relevant)
- node added according to the following steps
- Go to https://jenkins.xxx.tds.customerx.com/computer/new (remember to use correct URL of your Jenkins controller)
- Set "Node name" to relevant name useful for you
- Choose "Permanent"
- Set "Remote root directory" to "/home/jenkins-agent"
- Set "Launch method" to "Launch agent by connecting it to the controller" previously called "Launch agent via Java Web Start"
- Click "Save"
- now go to newly created node and copy secret/token for connecting agent
- Go to https://jenkins.xxx.tds.customerx.com/computer/XXX (remember to use correct URL of your Jenkins controller and replace XXX with the name of your node)
You will see something like:
Code Block Run from agent command line: java -jar agent.jar -jnlpUrl https://jenkins.xxx.tds.customerx.com/computer/test/slave-agent.jnlp -secret 8b2911d98400bad5d45635b812b5f2e8e7c1d216bbbae9422a3ba57c691bf762 -workDir "/home/jenkins-agent" Run from agent command line, with the secret stored in a file: echo 8b2911d98400bad5d45635b812b5f2e8e7c1d216bbbae9422a3ba57c691bf762 > secret-file java -jar agent.jar -jnlpUrl https://jenkins.xxx.tds.customerx.com/computer/test/slave-agent.jnlp -secret @secret-file -workDir "/home/jenkins-agent"
Please copy only the secret, which is for example in this case "8b2911d98400bad5d45635b812b5f2e8e7c1d216bbbae9422a3ba57c691bf762"
- running in public
- Jenkins agent node (slave) - or so-called "on-premise executor"
- running on a server in the internal network(s)
- agent service(s) with service auto-start to assure automatic re-connect to Jenkins controller at any time even after server reboot
- Install dependencies
CentOS
Code Block yum install java-1.8.011-openjdk-devel git -y # you can install also other dependencies that will be required for your jobs
Ubuntu
Code Block apt-get update; apt-get install openjdk-811-jdk git -y # you can install also other dependencies that will be required for your jobs
- Installing agent
Prepare a folder for config
Code Block mkdir -p /data/configs mkdir -p /opt/jenkins-agent
Create service file /opt/jenkins-agent/jenkins-agent.service
Code Block title jenkinsope.service [Unit] Description=Jenkins Agent - On Premise Executor Wants=network.target After=network.target [Service] # EnvironmentFile cannnot be used on Debian/Ubuntu anymore - Reference: https://github.com/varnishcache/pkg-varnish-cache/issues/24 # So we are using drop-in config /etc/systemd/system/jenkins-agent.service.d/local.conf ExecStart=/usr/bin/java -Xms${JAVA_MEMORY} -Xmx${JAVA_MEMORY} -jar /opt/jenkins-agent/agent.jar -jnlpUrl ${CONTROLLER_URL}/computer/${NODE_NAME}/jenkins-agent.jnlp -secret ${SECRET} -workDir "${WORK_DIR}" User=jenkins-agent Restart=always RestartSec=10 StartLimitInterval=0 [Install] WantedBy=multi-user.target
Create config file /data/configs/jenkins-agent.conf
Code Block JAVA_MEMORY=512m CONTROLLER_URL=https://jenkins.xxx.tds.customerx.com NODE_NAME=XXX SECRET=8b2911d98400bad5d45635b812b5f2e8e7c1d216bbbae9422a3ba57c691bf762 WORK_DIR=/home/jenkins-agent
Create script /opt/jenkins-agent/jenkins-agent-install
Code Block #!/bin/bash AGENT_APP_HOME=/opt/jenkins-agent SERVICE_USER=jenkins-agent MAINCONFIG=/data/configs/jenkins-agent.conf OLD_CONF=/data/configs/jenkinsope.conf if [ -f $OLD_CONF ];then mv -f $OLD_CONF $MAINCONFIG;fi source $MAINCONFIG OLD_USER=jenkinsope OLD_HOME=/home/$OLD_USER if [ -d $OLD_HOME ];then sed -i 's#^WORK_DIR.*#WORK_DIR=/home/jenkins-agent#g' $MAINCONFIG sed -i 's#^MASTER_URL#CONTROLLER_URL#g' $MAINCONFIG source $MAINCONFIG # Stopping old service systemctl stop jenkinsope sleep 10 mv $OLD_HOME $WORK_DIR userdel -rf $OLD_USER rm -rf /etc/systemd/system/jenkins-agent.service.d rm -f /usr/lib/systemd/system/jenkinsope.service fi useradd -m -s /bin/bash $SERVICE_USER 2> /dev/null mkdir -p $WORK_DIR/.ssh chmod 700 $WORK_DIR/.ssh touch $WORK_DIR/.ssh/config chmod 600 $WORK_DIR/.ssh/* echo "Changing ownership of home/work folder ($WORK_DIR) and its content (can take long time with many files)..." chown $SERVICE_USER:$SERVICE_USER -R $WORK_DIR curl -s ${CONTROLLER_URL}/jnlpJars/agent.jar -o $AGENT_APP_HOME/agent.jar chmod 644 $AGENT_APP_HOME/agent.jar install -D -m 644 $AGENT_APP_HOME/jenkins-agent.service /usr/lib/systemd/system/jenkins-agent.service mkdir -p /etc/systemd/system/jenkins-agent.service.d echo "[Service]" > /etc/systemd/system/jenkins-agent.service.d/local.conf sed 's#^#Environment=#g' $MAINCONFIG >> /etc/systemd/system/jenkins-agent.service.d/local.conf systemctl daemon-reload systemctl restart jenkins-agent systemctl enable jenkins-agent systemctl status jenkins-agent echo "0 4 * * * root $AGENT_APP_HOME/jenkins-agent-install" > /etc/cron.d/jenkins-agent-update
Run install script
Code Block chmod +x /opt/jenkins-agent/jenkins-agent-install /opt/jenkins-agent/jenkins-agent-install
- Uninstalling agent (for cleanup purposes or if you messed up something)
Create script /opt/jenkins-agent/jenkins-agent-uninstall
Code Block systemctl disable jenkins-agent systemctl stop jenkins-agent rm -f /usr/lib/systemd/system/jenkins-agent.service rm -rf /etc/systemd/system/jenkins-agent.service.d systemctl daemon-reload userdel -r jenkins-agent rm -rf /home/jenkins-agent
Run install script
Code Block chmod +x /opt/jenkins-agent/jenkins-agent-uninstall /opt/jenkins-agent/jenkins-agent-uninstall
- Install dependencies
...