Windows - Jenkins Master and Agent configuration between Intranet and DMZ

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Windows - Jenkins Master and Agent configuration between Intranet and DMZ

kothashyam
This post has NOT been accepted by the mailing list yet.
Hi All,

I am very new to Jenkins setup and I need to configure Jenkins Master and Slave agents securely for my client systems.

All my project/client systems are in Windows but in secured environment.

Found many blogs related to configure Master and Slave in Unix systems but I haven't found much related to Windows.

Thought of using "Launch Slave agent using Java WebStart" but this is bidirectional - Read it some where in google.

Main problem that in my project environment is - Jenkins Master server is in Intranet and Jenkins agent will be in LRD/DMZ.

Info security team which opens firewall ports for us is asking so many questions about security like.. is it Bi-directional or one way.. if one way, which way it is..

They say, if communication is from Intranet to DMZ and if it uses HTTPS protocol. then I will be good.

I see different ways to start agent in Node creation Screen but I am not sure which is best for my typical environment.

Could anyone of you guys help me / guide me setting up Secured communication between master (Intranet) and slave (DMZ/LRD).

Note: Presently master is configured with HTTPS.

Thanks,
Shyam.
Sin
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Windows - Jenkins Master and Agent configuration between Intranet and DMZ

Sin
This post has NOT been accepted by the mailing list yet.
I'll be glad to see any answer too. Because it's not so clear for me too.
Does Jenkins Slave ,after firewall, still have to use masters HTTP/HTTPS (Default Jenkins Master port) ??
Or it's using only JNLP port, that set in Jenkins--> Configure Global Security..
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Windows - Jenkins Master and Agent configuration between Intranet and DMZ

kothashyam
This post has NOT been accepted by the mailing list yet.
Hi Sin,

I haven't completed my setup as FireWall port open request is still open with Info Security team at my client.
Below input may help you understanding if you haven't figured out.

1. Enable Fixed port number in Jenkins-Configure Global security instead random by giving your own port number which is available in agent server
2. above port number will be your TCP/IP port which will be used to communicate between Master and slave.
3. But when you start agent via java web start in slave node.. Initial communication with Master is via HTTP/HTTPS to just get the above port number you defined.
Note: my bad luck.. even thought I know the TCP/IP port number before in hand.. agent has to contact HTTP..  because I am not able to use the TCP argument which is available in jnlp command as per its help.. try getting help from command line using "java slave.jar -help" in agent system.. it listed a way to establish tcp ip communication directly but its not working.. I am not sure.. I didn't get any info in internet about this.. so, i just smiple decided that I can;t get help here.
4. Then, you need to open http port and tcp/ip port - both bi-directional. Presently I am at this step.
5. Note: you may need to authenticate while opening firewall port.. You can add authenticated resource if you wish to.

Thanks,
Shyam

On Mon, Jul 17, 2017 at 2:40 AM Sin [via Jenkins CI] <[hidden email]> wrote:
I'll be glad to see any answer too. Because it's not so clear for me too.
Does Jenkins Slave ,after firewall, still have to use masters HTTP/HTTPS (Default Jenkins Master port) ??
Or it's using only JNLP port, that set in Jenkins--> Configure Global Security..



To unsubscribe from Windows - Jenkins Master and Agent configuration between Intranet and DMZ, click here.
NAML
Loading...