Add support of authentication in download settings #126
Comments
oleg-nenashev
changed the title
|
Hi Oleg, I’m currently investigating a Jenkins setup for our company. I have one Windows slave configured and when I upgraded recently to the new Jenkins release the Windows slave turned offline because the slave was to old. I found this project here on GitHub and it perfectly meets our requirements to update the slave.jar automatically before the service on the Windows slave is started. In the configuration file for the service I used the option The Jenkins server is using the reverse proxy plugin for authentication in combination with Kerberos authentication via mod_aut_kerb. The connection to the master is working but the download fails. My question is: how the download is working, I assume that it is Java based?! If yes, is there a possibility to pass the required Java options for GSSAPI authentication to the download? Thanks! |
|
@nightman68
No, it is .NET-based. The code is here: https://github.com/kohsuke/winsw/blob/929b87c383ab1ac89afff1d2ed02162be49aaddc/src/Core/WinSWCore/Download.cs . So it just downloads via the GET request using the specified
"jnlpJars/slave.jar" is a publicly accessible endpoint, so you should not need authentication. Likely the issue is with the self-signed certificate. Likely you will need to somehow register it in the system |
|
Hi Oleg, thanks for the quick response! I configured the Apache to require authentication for all content. I know that it is recommended to leave some content open but we have constraints and this behavior keeps the Apache configuration simple - my POV. I will try to check what the code gives for opportunities to add an optional authentication and will come back later on. |
oleg-nenashev
changed the title
Issue #126 - Add support of authentication in the download settings
|
I assume it is closed in 2.1.0 |
|
Hi Oleg, what Jenkins release will include this enhancement? |
|
@nightman68 there is no explicit request in Jenkins for that AFAIK. If you needs it for Windows master or Agents, could you please create an issue in JENKINS JIRA and assign it to me? https://issues.jenkins-ci.org/secure/Dashboard.jspa, my account ID is oleg_nenashev. If you have no account in JIRA, I can create it on your behalf. I just need to understand reason why the update is a blocker for you. Is it because of the automatic WinSW "downgrade" for agents (JENKINS-43603)? |
|
@oleg-nenashev it's not a blocker but I applied 2 or 3 times an upgrade to my master and every time the Windows slave was set to offline because the release was to old. May be is missed something somewhere in the documentation but I had to upgrade the slave.jar manually?! This is not the prefect solution for an deployment in my company. I want a behavior like for the Linux slaves which are upgraded automatically. Makes this sense? I have an account for Jira and can open an Improvement but I'll wait for your feedback. |
|
@nightman68 There was no automatic update of slave.jar till 2.50: https://jenkins.io/changelog/#v2.50 . In that version I enabled auto-update by default for new agent installations. Here is upgrade guide for old agents: https://github.com/jenkinsci/windows-slave-installer-module#upgrading-old-agents In jenkins auto-update is powered by |
|
@oleg-nenashev Sorry, may be I was not precise enough. Everything is fine so far but how I mentioned in my second post here:
I configured my Apache (reverse proxy plug-in + Kerberos) in that way that every access needs authentication - so the I will open an enhancement, when it will be integrated... BTW: is an update/enhancement of this Wiki for the slave configuration welcome? I made this here because our Subversion servers also forcing Kerberos auth. |
This ticket was created for the download plugin, but currently the enhancements are being done on the level of the existing
downloadcommandThe text was updated successfully, but these errors were encountered: