JNLP port is missing from Configure Global Security in Jenkins - jenkins

I'm creating a Windows slave in Jenkins, and for that I need to use Java Web Start as the launch method in the slave configuration.
I'm aware that to view this option in the slave configuration, we need to change the setting in Manage Jenkins > Configure Global Security > Agents > TCP JNLP Agents to Random from Disabled.
But in my case, I'm not able to see the JNLP port agent; the option visible is "TCP port for inbound agents" instead of "TCP port for JNLP agents".
I've installed the JDK in Manage Jenkins > Global Tool Configuration, but even after this it's not giving an option for JNLP agents.
Can someone please help with this: where can I view the "TCP port for JNLP agents" option under Jenkins > Configure Global Security > Agents?

The 'TCP port for JNLP agents' setting seems to be not available anymore in the 'Configure Global Security' settings. Instead of that modify your agent's settings and set Launch method as 'Launch agent by connecting it to master'. It works similarly to the option that you are looking for:

Agents communicate through each other over TCP. In my case I couldn't find "TCP port for JNLP agents". The solution for it is: before creating an agent, go to Configure Global Security -> section labeled "Agents" and the line that says "TCP port for inbound agents". Insert a valid port value for the TCP port for inbound agents. Apply that change.
Then go to Configure Jenkins -> Manage Nodes -> create new node or configure node.
Choose the setting "Launch agent by connecting it to the controller" under Launch Method.
The phrasing has been improved significantly in the user interface by removing the references to "JNLP". The key difference between the agent protocols is not the underlying transport, but rather which end initiates the connection. The agent launch method that was formerly called "JNLP" is a launch method that initiates the agent connection from the agent to the master. The launch method called "ssh" initiates the connection from the master to the agent.

Related

There is no "Launch agent via Java Web Start" option in my Jenkins when I am adding a Windows slave node

I have already configured the Java environment and installation path
This is a duplicate question from Server Fault: Answer Here
Java Web Start utilizes TCP so it has to be enabled and configured in Jenkins...
Login to Jenkins as admin
Manage Jenkins > Configure Global Security > TCP port for JNLP agents
Do yourself a favor and pick a static port assignment...
As of Jenkins version 2.176.3, there is an option "Launch agent by connecting it to the master", which is the same as "Launch agent via Java Web Start", enabled once you enable "Manage Jenkins => Configure Global Security => Agents => TCP port for inbound agents" as mentioned above.
e.g. Fixed: 50000
Make sure that you've enabled a JNLP port in Manage Jenkins -> Configure Global Security. If no JNLP port is specified, then the JNLP slave option will not appear.
I had a similar issue after updating my Jenkins. I then used the "Launch agent by connecting it to the master" method to launch, and my port "TCP port for inbound agents" under Manage Jenkins => Configure Global Security => Agents => TCP port for inbound agents got changed to 8888. I have updated it back to 50000 and that resolved the issue. Hope it helps.
On some systems I used to get a button to download the agent's JNLP. On my new Linux Mint system, I instead get the "JNLP not available" message. So was lost as to where to get the JNLP file. However, looking in the command below I saw the URL for downloading it, e.g.:
http://127.0.0.1:8080/computer/build_slave/jenkins-agent.jnlp
Go to the slave machine, paste the URL in the browser to download it!
This might also be due to missing permissions for the user trying to set up the agent via Java Web Start; at least that was the case in my scenario.
To verify this, try to download the jnlp directly; the URL would be of the form [jenkins url]/computer/[agent name]/slave-agent.jnlp. If there is a permissions issue you will get something along the lines of:
Access Denied
xxxx is missing the Agent/Connect permission

Jenkins Build Slave - Connection not possible

I would like to connect via JNLP to the master Jenkins server and am always getting the following error:
Failing to obtain https://<master-server>/buildserver/computer/CaptainBrowser/slave-agent.jnlp?encrypt=true
java.io.IOException: https://<master-server>/buildserver/computer/CaptainBrowser/slave-agent.jnlp?encrypt=true doesn't look like a JNLP file; content type was text/html; charset=iso-8859-1
at hudson.remoting.Launcher.parseJnlpArguments(Launcher.java:306)
at hudson.remoting.Launcher.run(Launcher.java:219)
at hudson.remoting.Launcher.main(Launcher.java:192)
I had a similar problem. For me the issue was that the Jenkins URL in 'Configure System' was set to 'http://...' instead of 'https://...'. This meant that when I set up a node, it showed the java command to run to also use http. E.g. it said
java -jar slave.jar -jnlpUrl http:///computer//slave-agent.jnlp -secret
Running it yielded
'Failing to obtain http:///computer//slave-agent.jnlp?encrypt=true'
Changing the server URL to 'https' enabled it to work for me. It changed the command for a Jenkins node to be a 'https' URL and running that worked.
Go to Jenkins --> Manage Jenkins --> Configure System --> http://yoursystem ip:8080/. Make sure it will be http not https. Manage Jenkins --> Global Security --> Agent -->
TCP port: select Fixed 50000 and Inbound TCP Agent Protocol/4 (TLS encryption) under agent protocol.
Create the agent node again; it will work.
In my case, it started working after adding the HTTPS protocol to my security group for EC2 machines. Then run the jnlp command again in the Jenkins slave terminal and it will be connected.
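The failure modes reported in this thread (http/https mismatch, missing Agent/Connect permission, an HTML page answering instead of the agent descriptor) can be told apart from the HTTP response alone. The following is an added example, not code from any of the posters or from Jenkins; the host `ci.example`, the agent name `a1`, the sample responses and the accepted content types are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: content types accepted as a real agent descriptor (plain JNLP,
# or an opaque encrypted body when the URL carries ?encrypt=true).
DESCRIPTOR_TYPES = ("application/x-java-jnlp-file", "application/octet-stream")


def diagnose(url, status, headers, body=""):
    """Classify one HTTP response to a slave-agent.jnlp request."""
    hdrs = {k.lower(): v for k, v in headers.items()}
    ctype = hdrs.get("content-type", "").split(";")[0].strip().lower()

    if 300 <= status < 400:
        target = urlsplit(hdrs.get("location", ""))
        if urlsplit(url).scheme == "http" and target.scheme == "https":
            return "scheme-mismatch"      # Jenkins URL is http, site is https
        return "redirect"                 # e.g. bounced to a login page
    if status in (401, 403) or "Agent/Connect permission" in body:
        return "missing-permission"       # account lacks Agent/Connect
    if status == 200 and ctype in DESCRIPTOR_TYPES:
        return "ok"
    if ctype == "text/html":
        return "html-not-jnlp"            # proxy, error or login page answered
    return "unknown"


# Constructed responses modelled on the messages quoted in the thread.
SAMPLES = [
    ("http://ci.example/computer/a1/slave-agent.jnlp", 301,
     {"Location": "https://ci.example/computer/a1/slave-agent.jnlp"}, ""),
    ("https://ci.example/computer/a1/slave-agent.jnlp", 403,
     {"Content-Type": "text/html"},
     "Access Denied: xxxx is missing the Agent/Connect permission"),
    ("https://ci.example/computer/a1/slave-agent.jnlp?encrypt=true", 200,
     {"Content-Type": "text/html; charset=iso-8859-1"}, "<html>...</html>"),
    ("https://ci.example/computer/a1/slave-agent.jnlp", 200,
     {"Content-Type": "application/x-java-jnlp-file"}, "<jnlp/>"),
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample[0], "->", diagnose(*sample))
```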

Issues with Jenkins 1.67 URL set up

I am trying to set up a new Jenkins instance (version 1.67) on a Windows Server 2012 R2.
I am trying to configure a custom URL instead of using
localhost:8080
etc..
I have set Jenkins URL as
NewServer.domainname.com
But I cannot access it via that url, I get presented with a message "Remote Web Access is turned off" it only allows me to connect when I follow the URL with the port number;
NewServer.domainname.com:8080
I am sure that Remote web access is completely different from what my goal is.
By default, Jenkins launches its own built-in webserver, listening on port 8080.
Changing the URL in the Jenkins configuration does not change the port that the running webserver listens on, but rather the URL that is shown within the UI, or in emails sent to users etc.
In order to access Jenkins at just NewServer.domainname.com (i.e. running on port 80), you would first have to disable Windows Remote Web Access, which is currently occupying port 80.
You would then need to stop Jenkins and start it again with the flag --httpPort=80; these options are documented on the Jenkins wiki.
If Jenkins was started as a Windows Service, you can edit the jenkins.xml file as shown in these answers.
Just wanted to say, after setting jenkins.xml to run on port 80, and then via the Jenkins web interface using
'install as service'
I found that this process seemed to create a new jenkins.xml along with the default httpPort which is stored within the Jenkins.war.
To get around this I installed as a service, ensured that the service was not set to start on start up, and rebooted the machine.
On start up I re-edited the jenkins.xml httpPort value back to 80. Started the service and now running very happy!

Jenkins Slave port number for firewall

We use Jenkins 1.504 on Windows.
We need to have Master and Slave in different sub-networks with firewall in between.
We can't have ANY to ANY port firewall rules, we must specify exact port numbers.
I know the port Master is listening on.
I also see that Slave opens connection to the Master from the arbitrary port dynamically assigned every run, and port on the Master side is also arbitrary.
I can fix Master's port by specifying it in Manage Jenkins > Configure Global Security > TCP port for JNLP slave agents.
How to fix Slave port?
UPDATE: Found Connection Mechanism described here: https://wiki.jenkins-ci.org/display/JENKINS/Jenkins+CLI#JenkinsCLI-Connectionmechanism
I think it might work for us, but still would be better to have fixed-2-fixed ports connection.
We had a similar situation, but in our case Infosec agreed to allow any to 1, so we didn't have to fix the slave port; rather, fixing the master to high level JNLP port 49187 worked ("Configure Global Security" -> "TCP port for JNLP slave agents").
TCP:
- 49187 - Fixed jnlp port
- 8080 - jenkins http port
Other ports needed to launch slave as a windows service:
- TCP: 135, 139, 445
- UDP: 137, 138
A slave isn't a server, it's a client type application. Network clients (almost) never use a specific port. Instead, they ask the OS for a random free port. This works much better since you usually run clients on many machines where the current configuration isn't known in advance. This prevents thousands of "client wouldn't start because port is already in use" bug reports every day.
You need to tell the security department that the slave isn't a server but a client which connects to the server and you absolutely need to have a rule which says client:ANY -> server:FIXED. The client port number should be >= 1024 (ports 1 to 1023 need special permissions) but I'm not sure if you actually gain anything by adding a rule for this - if an attacker can open privileged ports, they basically already own the machine.
If they argue, then ask them why they don't require the same rule for all the web browsers which people use in your company.
I have a similar scenario, and had no problem connecting after setting the JNLP port as you describe, and adding a single firewall rule allowing a connection on the server using that port. Granted it is a randomly selected client port going to a known server port (a host:ANY -> server:1 rule is needed).
From my reading of the source code, I don't see a way to set the local port to use when making the request from the slave. It's unfortunate, it would be a nice feature to have.
Alternatives:
Use a simple proxy on your client that listens on port N and then forwards all data to the actual Jenkins server on the remote host using a constant local port. Connect your slave to this local proxy instead of the real Jenkins server.
Create a custom Jenkins slave build that allows an option to specify the local port to use.
Remember also if you are using HTTPS via a self-signed certificate, you must alter the configuration jenkins-slave.xml file on the slave to specify the -noCertificateCheck option on the command line.
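The agent:ANY -> controller:FIXED pattern discussed in this thread can be observed directly from the agent side. The following is an added example, not code from any of the posters or from Jenkins: it opens plain TCP connections to a fixed port and reports the source port the OS chose each time. The loopback listener standing in for the controller and the addresses in the rule are constructed for illustration.

```python
import socket


def probe_inbound_port(host, port, timeout=3.0):
    """Try one TCP connection to the controller's fixed inbound-agent port.

    Returns (reachable, source_port). source_port is whatever ephemeral port
    the agent's OS picked for this connection.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout) as conn:
            return True, conn.getsockname()[1]
    except OSError:  # refused, filtered (timeout) or unroutable
        return False, None


def firewall_rule(agent_net, controller_ip, port):
    """Render the one rule the agent needs, in a vendor-neutral form."""
    return f"allow tcp {agent_net}:any -> {controller_ip}:{port}"


def demo(connections=3):
    """Constructed stand-in for a controller: a loopback listener on a free port."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(connections)
    fixed_port = listener.getsockname()[1]
    try:
        results = [probe_inbound_port("127.0.0.1", fixed_port)
                   for _ in range(connections)]
    finally:
        listener.close()
    return fixed_port, results


if __name__ == "__main__":
    fixed, results = demo()
    for ok, src in results:
        print(f"127.0.0.1:{src} -> 127.0.0.1:{fixed} reachable={ok}")
    print(firewall_rule("10.0.2.0/24", "10.0.1.10", 49187))  # constructed addresses
```

Run against the real controller host and its fixed port from the agent's subnet, `probe_inbound_port` returning `(False, None)` points at the firewall rule or the port setting rather than at the agent itself.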

What does "Jenkins URL" mean in configuration settings?

On Jenkins configuration page in section "Jenkins URL" I've set this option to "http://name_of_my_machine.jenkins:8080/"
Usually I open jenkins by: "http://localhost:8080/"
But this new option did not work for me - Jenkins does not open. So what does it mean?
Jenkins can't determine its URL on its own. So when it needs to create full links that's where the URL is taken from. In general even if you specify the wrong URL it should not affect the way Jenkins works in any significant way. It certainly has no effect on the URL that you enter in your browser to connect to Jenkins server. You can either specify http://localhost:8080 (when connecting from your machine and assuming that you started Jenkins on port 8080) or http://<machine_hostname>:8080 when connecting from anywhere.
So no matter what you specify it has no effect on connecting to Jenkins, therefore http://name_of_my_machine.jenkins:8080/ won't work, as .jenkins is not part of the name (e.g. ping name_of_my_machine.jenkins won't find the host).
Whenever Jenkins needs to create a URL that points to itself, Jenkins picks it up from the "Jenkins URL" setting in the global configuration.
Jenkins could try to guess the URL by e.g. getting the hostname and combining that with the port it is running on. But sometimes the hostname is not the same as the DNS name. And what if you have placed a front-end or proxy before Jenkins that e.g. terminates SSL connections and you would really like people to use Jenkins at https://company.com/jenkins/. Jenkins running in port 8080 cannot know about the front-end. The only reliable way for Jenkins to get the URL to itself is for an administrator setting it in Jenkins configuration.
Jenkins needs to know its own URL when it is creating links that point back to itself. It does this e.g. when it sends out emails containing direct links to build results. Also, if you have a JNLP type slave, the slave initiates the connection to the master and the master returns a message which contains a link back to Jenkins for downloading the slave agent software.
Do you mean the option in the E-mail configuration section? This is only to generate the links in emails Jenkins sends (see the help for the option -- click the symbol with the question mark). If after changing it you cannot access your server anymore, it must be something else.
