Re: JNLP slave no longer works

Fri, 11 Jan 2013 03:53:24 -0800 

Hi,
I managed to fix this fairly simply on my windows slaves (tested on XP, Vista & Win 7). The fix should be similar for Linux slaves but I use a home-cooked script to start those so you'll have to adapt the solution as appropriate. 


1 - autheticate as a Jenkins admin in a browser of your choice and 
download the slave-agent.jnlp file for the slave. The download URL will 
be something like

http://<jenkinsurl>/computer/<slavename>/slave-agent.jnlp
and can be found in the jenkins-slave.xml file on the slave.


2 - transfer slave-agent.jnlp to the slave and store in the same folder 
as slave.jar and jenkins-slave.xml files


3 - edit jenkins-slave.xml and change the URL of slave-agent.jnlp to be
file:///%BASE%/slave-agent.jnlp
That means that the arguments line in jenkins-slave.xml will likely read


 <arguments>-Xrs -jar "%BASE%\slave.jar" -jnlpUrl 
file:///%BASE%/slave-agent.jnlp</arguments>


Now just start the slave service as normal and all should work.


Disclaimer: I haven't studied the security implications of storing 
slave-agent.jnlp at that location in the slave. I suspect it is fine but 
it would be good if someone could comment on whether there is a better 
location.


Richard

P.S. I just added this to
https://issues.jenkins-ci.org/browse/JENKINS-16273
because it seems to be an appropriate solution there.

On 11/01/2013 10:55, matthew.web...@diamond.ac.uk wrote:

 From a message I sent to the list a few days ago, which worked for at
least some people:





I was in a slightly different situation (linux, slaves launched
manually), but had the 403 as well. Fixed by going to Manage Jenkins ->
  Configure Global Security, and under  Project-based Matrix
Authorization Strategy I had to enable “connect” in the “slave” section,
for user “Anonymous”.

<<<

I’m not sure if that address your problem, of what the security
implications are, but anyhow …

Matthew Webber

*From:*jenkinsci-users@googlegroups.com
[mailto:jenkinsci-users@googlegroups.com] *On Behalf Of
*stuart.gr...@doccentrics.com
*Sent:* 11 January 2013 10:39
*To:* jenkinsci-users@googlegroups.com
*Subject:* Re: JNLP slave no longer works

Thanks for the info, but how is this change applied to a linux slave?


On Tuesday, 8 January 2013 02:50:39 UTC, Kohsuke Kawaguchi wrote:

This is unfortunately a necessary measure.

See the "Fix" section in
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-01-04


--
Kohsuke Kawaguchi























					Reply via email to