JENKINS UNDERGROUND – Jenkins Master/Slave | Security – PART 4

Jenkins Master/Slave

Use cases for Master/Slave:

Load distribution
Cross Platform Builds
Software Testing

Prerequisites for Node are: any OS, network access from master, jdk, user, directory with User ownership, Tools as required by the jenkins Job like Maven etc.

yum install java-1.6.0-openjdk.x86_64 -y
useradd devops
vi /etc/ssh/sshd_config
service sshd restart
mkdir /opt/jenkins-data
chown devops:devops jenkins-data/ -R

So the slave is set with the above commands. Adding a devops user so that the devops user can have access over the directory created when the artifacts are kept inside the directory. Also, enabling the password Authentication in sshd_config file.

Configuring the up a node on master

Make sure master and slave are connected via correct security group. ssh should be allowed from master to the slave.

Let’s now run any job and see where it will run. I have create a execute commands job.

This job is running on node/slave.

We can specify a job where it should run by making few changes.

Changing the usage configuration of node to “Only build jobs with label expression matching this node“
Making changes to the job configuration “Restrict where this project can be run” and providing the label.

Jenkins Security

Creating a new account. Let’s see how we will handle such scenario going forward.

We get a Access Denied in this case. As not everyone should be able to access the jenkins.

As an admin I will now add the user in the user/group list.

Post this configuration, user should be able to access/see the jobs and build it.

In the above scenario, if the user is from any of the project, he is able to see all the jobs irrespective of the project he is related to. So as to give the access based on project, we can go ahead with the Project-based Matrix Authorization which is considered to be the best one.