Launch jenkins slaves via command

I would like to launch Jenkins slaves with the option “Launch agent via execution of command on master”.

I have a small script that would take in which container to launch Jenkins via jnlp.

    if [ -z "${JENKINS_URL:-}" ] || [ -z "${JENKINS_NAME:-}" ]; then
        echo "Missing Jenkins configuration" >&2
        exit 1
    JENKINS_KEY=$(curl -L -s -u username:password -X GET "${JENKINS_URL}/computer/${JENKINS_NAME}/slave-agent.jnlp" | sed "s/.*<application-desc main-class=\"hudson.remoting.jnlp.Main\"><argument>\([a-z0-9]*\).*/\1/")
    lxc file push agent.jar ${JENKINS_NAME}/root/
    lxc exec ${JENKINS_NAME} -- sudo apt-get install -y openjdk-8-jdk 
    lxc exec ${JENKINS_NAME} -- java -jar ~/agent.jar -jnlpUrl "${JENKINS_URL}/computer/${JENKINS_NAME}/slave-agent.jnlp" -secret "${JENKINS_KEY}" -workDir "/root/Jenkins"

When I launch this script via jenkins i get the error

    Error: Get http://unix.socket/1.0: dial unix /var/snap/lxd/common/lxd/unix.socket: connect: permission denied

jenkins user was created before installing jenkins, with usermod appended. Manually using jenkins user account can access lxc.

    $ sudo su jenkins
    $ lxc exec c1 -- pwd

Is there a better way to launch slaves using the master?

Sounds like your jenkins slave is running as the jenkins user but without having all of that user’s groups applied (specifically missing the lxd group membership).

Thanks. How can I verify this? Or fix this?

No idea unfortunately. You may be able to do some wrapping through newgrp maybe?

Tried newgrp, id, … to isolate the problem but couldn’t figure out what was causing this issue.

Finally went with adding jenkins to sudoers. Definitely not a good idea. Anyways there should be a docker like plugin for jenkins.

Just an idea, but we setup the jenkins slaves on LXD via ssh (we allow the jenkins master to connect via ssh key) and then have some helper functions in Jenkins to help with setting / adding the jenkins slave

1 Like