New jenkins build server


(system) #1

From @bazinski on Thu Nov 09 2017 16:18:23 GMT+0000 (UTC)

I am trying to get a new build server up at chpc.

I map port 9934 to port 22 on the "donated" host,
I was going to ask about where I find the public key for the jenkins user.

I however see that I am able to create a new key pair for each cloud deployed.
Am I right ?
So I don't need to use some global jenkins account to log into the slave host.

Will try later.

Copied from original issue: https://github.com/AAROC/CODE-RADE/issues/208


(system) #2

From @brucellino on Fri Nov 10 2017 09:04:26 GMT+0000 (UTC)

Hey @bazinski Just checking if I understand this - you want a new build server, or you want a new "cloud" ? IE, place to instantiate builds ?

A new build server = a new jenkins instance.

A new cloud = new docker/openstack endpoint on the same build server, ie ci.sagrid.ac.za.

I'm assuming you want a new cloud, right ?

If I remember correctly from previous discussions, we were setting up a docker endpoint - see the screenshot

The one in the screenshot is obviously localhost - you need to let me know the IP/port of the docker endpoint, and then we configure that cloud the same way as the local cloud.


(system) #3

From @bazinski on Fri Nov 10 2017 09:32:23 GMT+0000 (UTC)

Ja cloud, my bad,
It's a docker end point via ssh.

I was wondering about the auth, but I saw when doing the add cloud thing that one can define the user auth there, so the private key for user jenkins is stored in the "additional cloud" somewhere and the public hence generated is then put on my node.
Does the user have to be jenkins or am I free to choose that as well ?


(system) #4

From @brucellino on Fri Nov 10 2017 11:22:14 GMT+0000 (UTC)

> It's a docker end point via ssh.

Ah... no. It's a docker endpoint via HTTP, I think. That's the part where Jenkins talks to Docker to make new containers.

I think you're confusing that bit with the part where jenkins talks to the new container to start the build. THAT happens over ssh or jnlp.


(Bruce Becker) #5

So, just to follow up on this - we tried the installation of a new docker endpoint this week at the CHPC. The issue we came up against was the launching of the slave process on the containers remotely; let me elaborate.

The installation of the Docker endpoint and its configuration to allow remote API access was fine.
We could attach the endpoint as a docker cloud to the Jenkins server, and probe it.
Test jobs triggered on jenkins resulted in containers being launched on the remote endpoint
Test jobs could not launch the slave, and could not access the slave.

After some consideration, we determined that the problem was that the jenkins server at ci.sagrid.ac.za could not reach the slaves it launched over the network, since they were being instantiated on a private network address space on the remote site.

The only ways to solve this would be

  • use a public address space
  • assign each container a different port to be mapped to the ssh service running inside it from the public address

Neither of these is acceptable

Reminder : The fundamental issue is not being able to access the slave from the jenkins instance. We could solve this problem by having a new jenkins instance on the remote site and "federate" it somehow with the main one.

This is probably what we will do...
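
An added example, not part of the original thread: a check over `docker inspect` output that classifies whether a remote Jenkins master could reach a container's sshd by either of the two options listed above (routable address, or a published host port). The container names, sample JSON and function names are constructed for illustration; the field names follow the `docker inspect` `NetworkSettings` layout.

```python
import ipaddress
import json

# Constructed sample: trimmed `docker inspect` output for two build containers.
SAMPLE_INSPECT = json.loads("""
[
  {"Name": "/agent-private",
   "NetworkSettings": {
     "Ports": {"22/tcp": null},
     "Networks": {"bridge": {"IPAddress": "172.17.0.2"}}}},
  {"Name": "/agent-mapped",
   "NetworkSettings": {
     "Ports": {"22/tcp": [{"HostIp": "0.0.0.0", "HostPort": "32768"}]},
     "Networks": {"bridge": {"IPAddress": "172.17.0.3"}}}}
]
""")


def ssh_reachability(container, ssh_port="22/tcp"):
    """Classify how a master outside the Docker host could reach the agent's sshd."""
    net = container["NetworkSettings"]
    # Port-mapping option: sshd published on a non-loopback host address.
    bindings = (net.get("Ports") or {}).get(ssh_port) or []
    for binding in bindings:
        host_ip = ipaddress.ip_address(binding.get("HostIp") or "0.0.0.0")
        if not host_ip.is_loopback:
            return ("host-port", int(binding["HostPort"]))
    # Public-address option: the container itself holds a globally routable IP.
    for network in (net.get("Networks") or {}).values():
        addr = network.get("IPAddress")
        if addr and ipaddress.ip_address(addr).is_global:
            return ("routable-address", addr)
    # Private address and nothing published: the master cannot start the agent.
    return ("unreachable", None)


def report(containers):
    """Map container name -> (mode, detail) for a list of inspect records."""
    return {c["Name"].lstrip("/"): ssh_reachability(c) for c in containers}


if __name__ == "__main__":
    for name, (mode, detail) in report(SAMPLE_INSPECT).items():
        print(f"{name}: {mode} {detail or ''}")
```

A `host-port` or `routable-address` result means the agent's sshd is exposed beyond the Docker host, so it should be paired with an ACL that admits only the Jenkins master.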


(Sean Murray) #6

I just realised that when I go to 10G and completely off the chpc network, I am free to allocate public IPs as I see fit.
I will have a /24 available, so maybe we should postpone a decision on this till my cables arrive.

As soon as the cables arrive Shukri, William and I will then migrate our site to the new network block.
I can then route traffic as I prefer, making the original docker option functional.

I see from reading about master/slave setups of jenkins that one would have to define what runs where, which seems to defeat the purpose ?


(Bruce Becker) #7

Ya, the best would be to have a VPN or something like that between the two sites. The easiest way to do this is probably just to use ACLs to block off all access to the jenkins slave range to only the main jenkins server.