Remoting Best Practices for CloudBees CI on Traditional Platforms

Issue

  • This article presents an overview of the best practice for configuring Remoting Agents for CloudBees CI on Traditional Platforms: Permanent Agents (in the Controllers side) and Share Agents/Cloud (in the Operation Center). Note that those types of agents can be configured in Modern Platform too, however CloudBees Modern Platforms use Kubernetes plugin for agent provisioning.

Environment

Resolution

Global Security

A - Agents Protocols: Recommended setup (default in 2.73.1+)

  1. Java Web Start Agent Protocol/4 (TLS encryption)
  2. Diagnostic-Ping
  3. OperationsCenter2

B - Disable Enable CLI over Remoting see Remoting Connection Mode.

C - Enable Agent → Master Access Control.

Agent Daemonization

Use CloudBees SSH Build Agents plugin which provides a much better throughput than SSH Build Agents plugin.

The CloudBees SSH Build Agents Plugin version 2.0 and above supports agents running Microsoft Windows.

In case running CloudBees SSH Build Agents running in Windows is not a valid a approach for certain use case, use Inbound Agent (JNLP) + winsw.

  • Jenkins integrates it since 2.50
  • Installation: Automatic or Manual
  • Considerations for manual installation

    • Configuration. An example of configuration can be found here.
    • Other considerations: (1) There is a flag, which allows to install the service in the interactive mode. (2) When you launch Jenkins agents on a 64bit Windows, make sure your Windows service uses 64bit Java as an executable. Otherwise you may experience issues with runaway processes as described here.

Number of executors

Master Node should be configured as:

  • # of executors as 0
  • label as Only build jobs with label expressions matching this node

For the rest of nodes, it greatly depends on the use-cases and job types. Nevertheless, general recommendations are:

  • Set less than (Ncores-1) executors for Permanent Agents
  • Use 1 executor only for Share/Cloud Agents . Since operations-center-cloud > 1.8.4, OperationsCenterNodeProvisioningStrategy provides much faster provisioning response. This means that nodes are requested as soon as possible for nodes that can be provisioned from OC. To enable it, use single shot mode (retentionStrategyShotCount=1 and # of executors = 1) see Why do agents show as suspended while jobs wait in the queue.

Websocket for Inbound Agents

For Inbound Agents is recommended to use WebSocket to connect to the Jenkins master rather than the TCP port. See JEP-222 for background.

Agents Monitoring

Node Table

  • Agent Monitoring Versions This plugin offers two Node Monitors: one for the version of the Remoting library, and one for the JVM. This helps be aware and possibility automatically disconnect agents that don’t comply to configuration and avoid issues. Note: JVM Version > Enable disconnect Agent when incompatibility is found.
  • Percentage Disk Space Node Column Plugin This plugin shows the percentage of disk space usage column on “Manage Nodes” page.

CloudBees Monitoring Plugin

Ensure Logging is enabled in your Agents

See Remoting Logging.

Agents executing builds from more than one master

  • Recommendation: Shared Agent/Shared Cloud managed by CJP-OC or CJE-OC.
  • For Permanent agents, 2 options:

  • Docker container for Permanent Agents running in the same host.
  • If you are not using Docker containers, create one user per agent and use different user home as Remote FS for each agent. Example for “Remote Machine A”:

    • “Permanent Agent 1” defined in “Master 1” - Remote FS: “/home/user1” (Host: “Remote Machine A”)
    • “Permanent Agent 2” defined in “Master 2” - Remote FS: “/home/user2” (Host: “Remote Machine A”)

Have more questions?

0 Comments

Please sign in to leave a comment.