Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  • Create minimalistic Jenkins deployment
  • Install node-sharing-orchestrator plugin including its dependencies
  • Start Jenkins with following java properties
    • -Dcom.redhat.jenkins.nodesharingbackend.Pool.ENDPOINT=cloneable_git_url_pointing_to_config_repo
    • -Dcom.redhat.jenkins.nodesharingbackend.Pool.USERNAME=name_of_the_REST_user
    • -Dcom.redhat.jenkins.nodesharingbackend.Pool.PASSWORD=password_of_the_REST_user
  • Verify no Administrative Monitor warnings are issued once Jenkins is started
  • Configure dedicated automation account to receive incoming REST calls granting it permission named NodeSharing.Reserve. No real user should be granted this permission. How to do this is specific to particular authorization strategy used.
    • Example Jenkins Configuration as Code definition:

      No Format
      unclassified:
        location:
          # Needs to be set correctly so orchestrator knows its own url
          url: https://ci.example.com/orchestrator
      
      jenkins:
        numExecutors: 0
        quietPeriod: 0
        slaveAgentPort: -1
        securityRealm:
          local:
            users:
              - id: "admin"
                password: "secret"
              - id: "nodesharing"
                password: "secret too"
        # Set necessary permission for 'nodesharing' account as well for anonymous
        # user so executor users can use orchestrator as a dashboard
        authorizationStrategy:
          globalMatrix:
            grantedPermissions:
            - "Overall/Administer:admin"
            - "Overall/Read:anonymous"
            - "Job/Read:anonymous"
            - "Overall/Read:nodesharing"
            - "Job/Read:nodesharing"
            - "NodeSharing/Reserve:nodesharing"
      

      (Note it requires configuration-as-code and configuration-as-code-support plugins installed to execute, plus all the plugins needed by the declaration itself)

Executors

  • Install node-sharing-executor plugin including its dependencies on instances to utilize the pool
  • Note that node definitions in config repo can refer to further plugins that needs to be installed on executors too.
  • Add Shared Nodes cloud specifying cloneable git url pointing to config repo and credentials for the rest user.
  • Create SSH credentials used to connect the machines. Their ids needs to match those in config repo nodes.
  • Configure dedicated automation account to receive incoming REST calls granting it permission named NodeSharing.Reserve. No real user should be granted this permission. How to do this is specific to particular authorization strategy used
  • Example Jenkins Configuration as Code definition:

    No Format
    unclassified:
      location:
        # Needs to be set correctly to executor knows its own url
        url: https://ci.example.com/jenkins
    
    jenkins:
      # Dedicated user needed to receive REST calls from orchestrator
      securityRealm:
        local:
          users:
            - id: "nodesharing"
              password: "nodesharing"
      authorizationStrategy:
        globalMatrix:
          grantedPermissions:
          - "Overall/Read:nodesharing"
          - "Job/Read:nodesharing"
          - "NodeSharing/Reserve:nodesharing"
    
      # Cloud hooking executor to the pool
      clouds:
        - nodeSharing:
            configRepoUrl: https://git.example.com/team/node-sharing-config-repo.git
            orchestratorCredentialsId: "node-sharing-rest-password-id"
    
    credentials:
      system:
        # Any credentials we are referring to from node definitions
        domainCredentials:
        - credentials:
          - usernamePassword:
              scope: SYSTEM
              id: "node-sharing-rest-password-id"
              username: "nodesharing"
              password: "secret"
              description: "Rest credential for node sharing"
    

    (Note it requires configuration-as-code and configuration-as-code-support plugins installed to execute, plus all the plugins needed by the declaration itself)