My Profile Photo

James Morgan

Software engineer and automation enthusiast

on ansible jenkins docker

Docker Jenkins Slave

Contents

The aim of the docker plugin is to be able to use a docker host to dynamically provision a slave, run a single build, then tear-down that slave.

This post will cover the different aspects of this and how to go about debugging it.
As we are using RHEL6 in production the slave will be based on Centos 6 as its the closest base image.

Useful resources

Building the container with Ansible

  • TODO

SSH Daemon configuration

The Docker container needs to run a sshd. Jenkins then treats the running container like a normal box. There are a number of changes that need to happen to the default openssh-server installation sshd_config

  • Generate ssh_host_dsa_key & ssh_host_rsa_key (this may be handled when the service is started)
  • Enable public key authentication
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile	.ssh/authorized_keys
  • Disable PAM authentication
UsePAM no
#UsePAM yes
  • Add a password to the builder (jenkins) user
# Generate random password. Access will be via key though a password is needed
- name: generate random password for user only on creation (needed for ssh)
  shell: /usr/bin/openssl rand -base64 32 | passwd --stdin 
  when: newuser.changed

-

Debugging the built container

To validate the keys and sshd configuration is working before we connect Jenkins we should try and connect to the container

On the host VM start the container and open up the ssh port and start the sshd daemon and syslog

docker run --rm -p 49000:22 -it centos-slave:latest bash

[root@fc80963729ad /] service sshd start
Starting sshd:                                             [  OK  ]
[root@fc80963729ad /] service rsyslog start
Starting system logger:                                    [  OK  ]

Next we find out the IP of the running container and ssh to it as the builder user (our Jenkins user)

[root@keyst020 devadmin] docker ps -a
CONTAINER ID        IMAGE                 COMMAND             CREATED             STATUS              PORTS                   NAMES
fc80963729ad        centos-slave:latest   "bash"              49 seconds ago      Up 48 seconds       0.0.0.0:49000->22/tcp   happy_sammet

[root@keyst020 devadmin] sudo docker inspect fc80963729ad | grep -i ipa
        "IPAddress": "172.17.0.19",
[root@keyst020 devadmin]
[root@keyst020 devadmin]


[builder@keyst020 ~]$ ssh -p 22 builder@172.17.0.19
Last login: Tue Feb  3 11:46:32 2015 from 172.17.42.1

[builder@fc80963729ad ~]$
comments powered by Disqus