Jenkins Swarm plugin authentication

Question

I have a jenkins master and a separate slave server. I using swarm plugin to connect the slaves to the master. Everything works fine before I configured LDAP authetication and revoke the grants from the anonymous user.

Obviously now I have to autheticate swarm client but I cannot able to do this. If anyone has experience with swarm plugin please let me know.

Console from slave machine:

$ java -jar swarm-client-2-0.jar -master http://x.x.x.x:8080/ -username 'exxxx' -password common.pwd
Discovering Jenkins master
Oct 01, 2015 2:14:51 PM org.apache.commons.httpclient.auth.AuthChallengeProcessor selectAuthScheme
INFO: basic authentication scheme selected
Oct 01, 2015 2:14:51 PM org.apache.commons.httpclient.HttpMethodDirector processWWWAuthChallenge
INFO: Failure authenticating with BASIC 'Jenkins'@x.x.x.x:8080
Failed to fetch slave info from Jenkins CODE: 401
Retrying in 10 seconds

Br,

Answer 1

You need at least Create Slave permission or higher to create the slave using Swarm plugin.

You have the following options:

1. Open a request and have your network team create a new LDAP/service account (generic) so that you don't have to worry about it's password getting changed within next N no. of days.

2. Assign that user or grant it Create Slave permission or all access that see within (Slave section as per your image snapshot).

3. Use that user's userid/password. You can create a global variable / use manage credential section in Jenkins to define the user/password and it'll be available to use an ENV variable or for doing credential based authentication.

4. Run your command to create the slave and it'll work, something like:

$ java -jar swarm-client-2.0-jar-with-dependencies.jar \
    -name "$(hostname -a)_01" \
    -fsroot "$(pwd)/$(hostname -a)_01" \
    -master http://my_jenkins_server.my.company.com:8081 \
    -disableSslVerification \
    -username c123456_or_slaveSpecialUser \
    -password $p \
    -description "$(hostname -a) " \
    -executors 5 \
    -labels "Linux CentOS ANSIBLE" \
    -mode 'normal' \
    -retry 3 \
    -showHostName \
    -t java=~/tools/jdk1.8.0_45 \
    -t gradle=~/tools/gradle-2.9 \
    -t Maven=~/tools/apache-maven-3.3.3 \
    -t Groovy2=~/tools/groovy-2.4.5 \
    --showHostName \
    -disableClientsUniqueId

Note:
Mode can be -mode 'exclusive'
Using -disableClientsUniqueId option will create slave with the name as per your -name parameter (instead of suffixing it with a unique/alphanumeric ID).

Addition: To create Tool locations within the slave's configuration, I initially used -t **Java=~/tools/jdk1.8.0_45 -t Gradle=~/tools/gradle-2.9** and the command gave me an error No tool 'Java' is defined on Jenkins.

javax.servlet.ServletException: java.lang.RuntimeException: No tool 'Java' is defined on Jenkins.

After researching, I found this is because in my Jenkins Master (that I used), it's JDK Installations section in Jenkins global settings had this tool Name value set as "java" (all lower).

Trying -t java=~/tools/jdk1.8.0_45 resolved the issue and now I can see (JDK) java tool with value ~/tools/jdk1.8.0_45 in the slave's configuration.

NOTE:
If you are connecting or want to connect your slave to your Jenkins master using "Anonymous" user (i.e. then you don't have to provide -username c123456_or_slaveSpecialUser -password $p parameters), then in Jenkins Master's (with admin level permission do this one time only setup) > Under Manage Roles and Users > Under GLOBAL Roles section, create a role (or change existing Viewer role) and assign "Overall + Read" and "Slave + Create" access.

Then, on the same page, under "Slave Roles", create a Role for ex: autoslave or something like that and assign all access (Connect, Configure, ..., Delete) and MAKE sure assign a pattern(regex) for ex: "swarm_slave.*" in it. What this will do is, from now onwards, you can run java -jar slave-client-...depedencies.jar without using -username and -password paramters and if you are creating swarm slaves with name starting with "swarm_slave...." then, they will auto-create/connect/delete (as long as the swarm slave java process will run/exist on the slave server).

Following a standard name pattern for slaves will also give you more control if you'd use Jenkins Rest/API (groovy) scripts to maintain the swarm slaves.

Also look here for more (how to add ENVIRONMENT variables to the newly created node): Jenkins Slave - How to add or update ENVIRONMENT variables

Using Docker for creating containers on slave nodes is the next step. Don't forget to read more about these here:

http://dockins.github.io/ and https://wiki.jenkins.io/display/JENKINS/Docker+Slaves+Plugin https://github.com/jenkinsci/docker-slaves-plugin