Use SSH Jenkins slaves

Use SSH Jenkins slaves

By default, Jenkins uses Java Network Launch Protocol (JNLP) for Jenkins slave connection. Starting from the MCP 2019.2.5 maintenance update, you can set up SSH connection for Jenkins slaves instead of JNLP using the steps below.

Note

If Jenkins is disabled on the Salt Master node (for details, refer to MCP Deployment Guide: Deploy CI/CD), skip the steps 2 and 3 of the procedure below.

To use SSH connection instead of JNLP for Jenkins slaves:

  1. Log in to the Salt Master node.

  2. Configure Jenkins Master for the Salt Master node to use SSH Jenkins slaves:

    1. Verify your existing SSH keys for Jenkins admin key:

      salt-call pillar.get _param:jenkins_admin_public_key_generated
      salt-call pillar.get _param:jenkins_admin_private_key_generated
      

      The system output must be not empty.

      If you do not have SSH keys, generate ones:

      ssh-keygen
      
    2. In ./classes/cluster/<cluster_name>/infra/config/jenkins.yml:

      1. Replace the system.docker.swarm.stack.jenkins.slave_single or system.docker.swarm.stack.jenkins.jnlp_slave_single class (the one that is present in model) with the following class:

        classes:
        ...
        - system.docker.swarm.stack.jenkins.ssh_slave_single
        
      2. Remove the following classes if present:

        classes:
        ...
        - system.docker.client.images.jenkins_master
        - system.docker.client.images.jenkins_slave
        
      3. Change the Jenkins slave type to ssh instead of jnlp:

        parameters:
          ...
          jenkins:
            client:
              node:
                slave01:
                  launcher:
                    type: ssh
        
      4. Add the SSH keys parameters to the parameters section:

        • If you use existing SSH keys:

          parameters:
            _param:
              ...
              jenkins_admin_public_key: ${_param:jenkins_admin_public_key_generated}
              jenkins_admin_private_key: ${_param:jenkins_admin_private_key_generated}
              ...
          
        • If you generated new SSH keys in the step 2.1:

          parameters:
            _param:
              ...
              jenkins_admin_public_key: <ssh-public-key>
              jenkins_admin_private_key: <ssh-private-key>
              ...
          
  3. Remove the JNLP slave from Jenkins on Salt Master node:

    1. Log in to Salt Master node Jenkins web UI.

    2. Navigate to Manage Jenkins > Manage nodes.

    3. Select slave01 > Delete agent. Click yes to confirm.


  4. Configure Jenkins Master for the cid nodes to use SSH Jenkins slaves:

    1. Verify that the Jenkins SSH key is defined in the Reclass model:

      salt 'cid01*' pillar.get _param:jenkins_admin_public_key
      salt 'cid01*' pillar.get _param:jenkins_admin_private_key
      
    2. In ./classes/cluster/<cluster_name>/cicd/control/leader.yml:

      1. Replace the system.docker.swarm.stack.jenkins class with system.docker.swarm.stack.jenkins.master and the system.docker.swarm.stack.jenkins.jnlp_slave_multi class with system.docker.swarm.stack.jenkins.ssh_slave_multi if present, or add system.docker.swarm.stack.jenkins.ssh_slave_multi explicitly.

      2. Add the system.jenkins.client.ssh_node class right below the system.jenkins.client.node class:

        classes:
        ...
        - system.jenkins.client.node
        - system.jenkins.client.ssh_node
        
  5. Remove the JNLP slaves from Jenkins on the cid nodes:

    1. Log in to cid Jenkins web UI.

    2. Navigate to Manage Jenkins > Manage nodes.

    3. Delete slave01, slave02 and slave03 using the menu. For example: slave01 > Delete agent. Click yes to confirm.


  6. Refresh pillars:

    salt -C 'I@jenkins:client' saltutil.refresh_pillar
    salt -C 'I@docker:client' saltutil.refresh_pillar
    
  7. Pull the ssh-slave Docker image:

    salt -C 'I@docker:client:images' state.apply docker.client.images
    
  8. Apply the changes:

    salt -C 'I@jenkins:client and I@docker:client' state.apply docker.client
    salt -C 'I@jenkins:client' state.apply jenkins.client