Resolution
The best practice is using Docker for Cloud Agents (on demand).
-
For CJT, CJPCM and Jenkins use Docker pipeline plugin. Or Yet Another Docker plugin in case you use freestyle jobs.
-
For CJEMM - Docker Agents.
Having said that, the steps are as follows, depending on the type of connector.
SSH Connection
Prerequisite: SSH key-pair.
In the Docker Server
1. Run docker run jenkins/ssh-agent "<my-key>.pub". Note <my-key>.pub should be passed as string (not the path).
Following, an example:
> docker run jenkins/ssh-agent "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCt5jaFU+q4An8cNxJNQSxxJ ... TQa2a9+0aSM9NtsoW8Q== user@ubuntu" [[ '' == ssh-* ]] + [[ 1 -gt 0 ]] + [[ ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCt5jaFU+q4An8cNxJNQSxxJ ... TQa2a9+0aSM9NtsoW8Q== user@ubuntu == ssh-* ]] + write_key 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCt5jaFU+q4An8cNxJNQSxxJ ... TQa2a9+0aSM9NtsoW8Q== user@ubuntu' + mkdir -p /home/jenkins/.ssh + echo 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCt5jaFU+q4An8cNxJNQSxxJ ... TQa2a9+0aSM9NtsoW8Q== user@ubuntu' + chown -Rf jenkins:jenkins /home/jenkins/.ssh + chmod 0700 -R /home/jenkins/.ssh + shift 1 + grep _ + env + ssh-keygen -A ssh-keygen: generating new host keys: RSA1 + exec /usr/sbin/sshd -D -e Server listening on 0.0.0.0 port 22. Server listening on :: port 22.
In the Jenkins Server
2. Create a Credential type SSH username with Private Key (<my-key>), set Username as jenkins.
3. Create a new Node (<SSH_Docker_Agent>) being Launch method : Launch Agents via SSH and setting correctly the SSH port (22 in Dockerhub Jenkins - SSH agent). After saving the configuration of <SSH_Docker_Agent>, it will get connected to the controller. For host key verification settings in the Node configuration, please review the different options in this article.
JNLP Connection
In Jenkins
1. Go to Manage Jenkins > Global Security, Enable TCP port for JNLP agents and select Java Web Start Agent Protocol/4 (starting from Jenkins 2.27).
2. Create a new Node (<JNLP_Docker_Agent>) being Launch method : Launch Agents via Java Web Start.
3. After saving <JNLP_Docker_Agent>, get your secrets on <JENKINS_URL>/computer/<JNLP_Docker_Agent>/.
See also: How to find agent secret key via API.
In the Docker Server
4. Run docker run cloudbees/cloudbees-core-agent:CONTROLLER_VERSION -url <JENKINS_URL> <JNLP_Docker_Agent_SECRET> <JNLP_Docker_Agent_NAME> and it will get connected to the controller.
Following, an example:
> docker run cloudbees/cloudbees-core-agent:CONTROLLER_VERSION -url https://jenkins.example/ 5455ab4bbafa983906f40b41e9e54599d5c8d7f070940c10f7f7a12aab5b003a docker-jnlp Warning: JnlpProtocol3 is disabled by default, use JNLP_PROTOCOL_OPTS to alter the behavior Sep 20, 2017 4:58:59 PM hudson.remoting.jnlp.Main createEngine INFO: Setting up agent: docker-jnlp Sep 20, 2017 4:59:00 PM hudson.remoting.jnlp.Main$CuiListener <init> INFO: Jenkins agent is running in headless mode. Sep 20, 2017 4:59:00 PM hudson.remoting.Engine startEngine WARNING: No Working Directory. Using the legacy JAR Cache location: /home/jenkins/.jenkins/cache/jars Sep 20, 2017 4:59:00 PM hudson.remoting.jnlp.Main$CuiListener status INFO: Locating server among [https://jenkins.example/] ... Sep 20, 2017 4:59:00 PM hudson.remoting.jnlp.Main$CuiListener status INFO: Agent discovery successful Agent address: 192.168.0.12 Agent port: 7359 Identity: 25:64:bb:7b:7b:fc:2d:16:cc:ff:d1:c2:72:f2:97:11 Sep 20, 2017 4:59:00 PM hudson.remoting.jnlp.Main$CuiListener status INFO: Handshaking Sep 20, 2017 4:59:00 PM hudson.remoting.jnlp.Main$CuiListener status INFO: Connecting to 192.168.0.12:7359 Sep 20, 2017 4:59:00 PM hudson.remoting.jnlp.Main$CuiListener status INFO: Trying protocol: JNLP4-connect Sep 20, 2017 4:59:01 PM hudson.remoting.jnlp.Main$CuiListener status INFO: Remote identity confirmed: 25:64:bb:7b:7b:fc:2d:16:cc:ff:d1:c2:72:f2:97:11 Sep 20, 2017 4:59:01 PM hudson.remoting.jnlp.Main$CuiListener status INFO: Connected