Hudson CI Server: setting up remote slaves AND restrictive security together


NOTE: this applies to Hudson version 1.352

Ok so yesterday I was setting up a publicly accessible build server, that was not to be viewable to anonymous sources. So I configured Hudson to “matrix security” and disallowed all access to anonymous see fig 1-1.However, once I did this my slaves stopped working entirely.  Now I could have allowed some anonymous access but here was the long sought for trick.

1) configure slaves to use “launch method” JNLP fig 1-2 below.

2) on client use java webstart to install the service by going to “http://yourserver:port/computer/slave-name/slave-agent.jnlp”. Make sure you select “install as a windows service”. In my case I had to select “file” then “install as a windows service”

3) open up wherever your base Hudson slave home was (mine was c:hudson) and find  hudson-slave.xml.

4) once hudson-slave.xml is open look for the arguments line and make the following changes (replace user:pass with whatever your username and password is that has rights).

before: -Xrs -jar "%BASE%slave.jar" -jnlpUrl <http://yourserver:8080/computer/yourslave/slave-agent.jnlp>

after:    -Xrs -jar "%BASE%slave.jar" -jnlpUrl <http://yourserver:8080/computer/yourslave/slave-agent.jnlp> -jnlpCredentials user:pass -auth user:pass

5) restart your hudson slave service and after a page refresh on your build server you should now have an up and reporting node!

 

Fig 1-1

image

fig 1-2

image

Come see my Boo talk at Alamo Coders on the 14th