Issue
- This article presents an overview of the best practice for configuring Remoting Agents for CloudBees CI on Traditional Platforms: Permanent Agents (in the Controllers side) and Share Agents/Cloud (in the Operation Center). Note that those types of agents can be configured in Modern Platform too, however CloudBees Modern Platforms use Kubernetes plugin for agent provisioning.
Environment
- CloudBees CI (CloudBees Core)
- CloudBees CI (CloudBees Core) on modern cloud platforms - Managed controller
- CloudBees CI (CloudBees Core) on modern cloud platforms - Operations Center
- CloudBees CI (CloudBees Core) on traditional platforms - Client controller
- CloudBees CI (CloudBees Core) on traditional platforms - Operations Center
- CloudBees Jenkins Platform - Client controller
- CloudBees Jenkins Platform - Operations Center
Resolution
Global Security
A - Agents Protocols
: Recommended setup (default in 2.73.1+)
- Java Web Start Agent Protocol/4 (TLS encryption)
- Diagnostic-Ping
- OperationsCenter2
B - Disable Enable CLI over Remoting
see Remoting Connection Mode.
C - Enable Agent → Controller Access Control
Agent Daemonization
Use CloudBees SSH Build Agents plugin which provides a much better throughput than SSH Build Agents plugin.
The CloudBees SSH Build Agents Plugin version 2.0 and above supports agents running Microsoft Windows.
In case running CloudBees SSH Build Agents running in Windows is not a valid a approach for certain use case, use Inbound Agent (JNLP) + winsw.
- Jenkins integrates it since 2.50
- Installation: Automatic or Manual
-
Considerations for manual installation
- Configuration. An example of configuration can be found here.
- Other considerations: (1) There is a flag, which allows to install the service in the interactive mode. (2) When you launch Jenkins agents on a 64bit Windows, make sure your Windows service uses 64bit Java as an executable. Otherwise you may experience issues with runaway processes as described here.
Number of executors
Built-In Node (formerly known as “master” node) should be configured as:
# of executors
as 0label
asOnly build jobs with label expressions matching this node
For the rest of nodes, it greatly depends on the use-cases and job types. Nevertheless, general recommendations are:
- Set less than (Ncores-1) executors for Permanent Agents
- Use 1 executor only for Share/Cloud Agents . Since
operations-center-cloud > 1.8.4
,OperationsCenterNodeProvisioningStrategy
provides much faster provisioning response. This means that nodes are requested as soon as possible for nodes that can be provisioned from OC. To enable it, use single shot mode (retentionStrategyShotCount=1
and# of executors = 1
) see Why do agents show as suspended while jobs wait in the queue.
Websocket for Inbound Agents
For Inbound Agents is recommended to use WebSocket to connect to the Jenkins controller rather than the TCP port. See JEP-222 for background.
Agents Monitoring
Node Table
- Agent Monitoring Versions This plugin offers two Node Monitors: one for the version of the Remoting library, and one for the JVM. This helps be aware and possibility automatically disconnect agents that don’t comply to configuration and avoid issues. Note: JVM Version > Enable
disconnect Agent when incompatibility is found
. - Percentage Disk Space Node Column Plugin This plugin shows the percentage of disk space usage column on “Manage Nodes” page.
CloudBees Monitoring Plugin
- Standard health checks.
- Standard metrics - Many
jenkins.node.*
types metrics.
Ensure Logging is enabled in your Agents
See Remoting Logging.
Agents executing builds from more than one master
- Recommendation: Shared Agent/Shared Cloud managed by CJP-OC or CJE-OC.
-
For Permanent agents, 2 options:
- Docker container for Permanent Agents running in the same host.
-
If you are not using Docker containers, create one user per agent and use different user
home
asRemote FS
for each agent. Example for “Remote Machine A”:- “Permanent Agent 1” defined in “Controller 1” - Remote FS: “/home/user1” (Host: “Remote Machine A”)
- “Permanent Agent 2” defined in “Controller 2” - Remote FS: “/home/user2” (Host: “Remote Machine A”)
0 Comments