Hudson CI Server: setting up remote slaves AND restrictive security together

NOTE: this applies to Hudson version 1.352

Ok so yesterday I was setting up a publicly accessible build server, that was not to be viewable to anonymous sources. So I configured Hudson to “matrix security” and disallowed all access to anonymous see fig 1-1.However, once I did this my slaves stopped working entirely.  Now I could have allowed some anonymous access but here was the long sought for trick.

1) configure slaves to use “launch method” JNLP fig 1-2 below.

2) on client use java webstart to install the service by going to “http://yourserver:port/computer/slave-name/slave-agent.jnlp”. Make sure you select "install as a windows service”. In my case I had to select “file” then “install as a windows service”

3) open up wherever your base Hudson slave home was (mine was c:hudson) and find  hudson-slave.xml.

4) once hudson-slave.xml is open look for the arguments line and make the following changes (replace user:pass with whatever your username and password is that has rights).

before: <arguments>-Xrs -jar "%BASE%slave.jar" -jnlpUrl http://yourserver:8080/computer/yourslave/slave-agent.jnlp</arguments>

after:    <arguments>-Xrs -jar "%BASE%slave.jar" -jnlpUrl http://yourserver:8080/computer/yourslave/slave-agent.jnlp -jnlpCredentials user:pass -auth user:pass</arguments>

5) restart your hudson slave service and after a page refresh on your build server you should now have an up and reporting node!


Fig 1-1


fig 1-2


About Ryan Svihla

I consider myself a full stack polyglot, and I have been writing a lot of JS and Ruby as of late. Currently, I'm a solutions architect at DataStax
This entry was posted in CI, Hudson. Bookmark the permalink. Follow any comments here with the RSS feed for this post.