By default, Jenkins uses Java Network Launch Protocol (JNLP) for Jenkins slave connection. Starting from the MCP 2019.2.5 maintenance update, you can set up SSH connection for Jenkins slaves instead of JNLP using the steps below.
Note
If Jenkins is disabled on the Salt Master node (for details, refer to MCP Deployment Guide: Deploy CI/CD), skip the steps 2 and 3 of the procedure below.
To use SSH connection instead of JNLP for Jenkins slaves:
Log in to the Salt Master node.
Configure Jenkins Master for the Salt Master node to use SSH Jenkins slaves:
Verify your existing SSH keys for Jenkins admin key:
salt-call pillar.get _param:jenkins_admin_public_key_generated
salt-call pillar.get _param:jenkins_admin_private_key_generated
The system output must be not empty.
If you do not have SSH keys, generate ones:
ssh-keygen
In ./classes/cluster/<cluster_name>/infra/config/jenkins.yml
:
Replace the system.docker.swarm.stack.jenkins.slave_single
or
system.docker.swarm.stack.jenkins.jnlp_slave_single
class
(the one that is present in model) with the following class:
classes:
...
- system.docker.swarm.stack.jenkins.ssh_slave_single
Remove the following classes if present:
classes:
...
- system.docker.client.images.jenkins_master
- system.docker.client.images.jenkins_slave
Change the Jenkins slave type to ssh
instead of jnlp
:
parameters:
...
jenkins:
client:
node:
slave01:
launcher:
type: ssh
Add the SSH keys parameters to the parameters
section:
If you use existing SSH keys:
parameters:
_param:
...
jenkins_admin_public_key: ${_param:jenkins_admin_public_key_generated}
jenkins_admin_private_key: ${_param:jenkins_admin_private_key_generated}
...
If you generated new SSH keys in the step 2.1:
parameters:
_param:
...
jenkins_admin_public_key: <ssh-public-key>
jenkins_admin_private_key: <ssh-private-key>
...
Remove the JNLP slave from Jenkins on Salt Master node:
yes
to confirm.Configure Jenkins Master for the cid
nodes to use SSH Jenkins slaves:
Verify that the Jenkins SSH key is defined in the Reclass model:
salt 'cid01*' pillar.get _param:jenkins_admin_public_key
salt 'cid01*' pillar.get _param:jenkins_admin_private_key
In ./classes/cluster/<cluster_name>/cicd/control/leader.yml
:
Replace the system.docker.swarm.stack.jenkins
class with
system.docker.swarm.stack.jenkins.master
and the
system.docker.swarm.stack.jenkins.jnlp_slave_multi
class with
system.docker.swarm.stack.jenkins.ssh_slave_multi
if present,
or add system.docker.swarm.stack.jenkins.ssh_slave_multi
explicitly.
Add the system.jenkins.client.ssh_node
class right below the
system.jenkins.client.node
class:
classes:
...
- system.jenkins.client.node
- system.jenkins.client.ssh_node
Remove the JNLP slaves from Jenkins on the cid
nodes:
cid
Jenkins web UI.slave01
, slave02
and slave03
using the menu.
For example: slave01 > Delete agent.
Click yes
to confirm.Refresh pillars:
salt -C 'I@jenkins:client' saltutil.refresh_pillar
salt -C 'I@docker:client' saltutil.refresh_pillar
Pull the ssh-slave
Docker image:
salt -C 'I@docker:client:images' state.apply docker.client.images
Apply the changes:
salt -C 'I@jenkins:client and I@docker:client' state.apply docker.client
salt -C 'I@jenkins:client' state.apply jenkins.client