Jenkins Slave 403 although anonymous Slave connection is enabled

We use a Jenkins Master and Slave configuration (both Linux). We recently updated to the LTS version, and for some reason the Slaves connect to the Master only when anonymous privileges are granted.

I have read posts about granting privileges for an anonymous slave connection, but when I try this, I get a 403 error.

The only way to do this is to grant anonymous administrator privileges (which is risky), save it, and then return to Jenkins Management > Security Settings > Delete Anonymous Administrator > Add Connected Device Privileges. The problem with this workaround is that I get the same 403 error when the slave reboots, until I have granted anonymous admin privileges.

I tried installing a new slave.jar which did not help.

We are using an LDAP bind account. Is there an easy solution to this 403 problem without having to re-enter the bind password (which we did recently after updating Jenkins)?

1 answer

Nothing like an answer after 1.5 years, but I just stumbled upon this!

I dealt with this using the Role-Based Strategy plugin.

Summary

The basics:

  • Add and enable the Role-Based Strategy plugin
  • Create a global group, swarmclient
  • Grant the swarmclient group only slave privileges
  • I currently allow the anonymous group to be in the swarmclient group.
    • In the future, I will probably revoke the swarmclient privileges for the anonymous group and instead create accounts in the swarmclient group.

More details

In Manage Jenkins > Configure Global Security > Authorization enable a role-based strategy.

enable role strategy

In Manage Jenkins > Manage Roles > Manage and Define Roles I added "swarmclient" to global roles. Grant this group Create permissions in the sub-section of the global settings:

swarmclient global group privileges

Then in Manage Jenkins > Manage Roles > Assign Roles you add the anonymous group to the swarmclient group:

assign anonymous swarmclient group

And finally, as mentioned above, if you need some restrictions on the machines that can connect as a swarm client, simply:

  • create user(s) for swarm
  • add them to the swarmclient group
  • remove the swarmclient permissions (on the Assign Roles page) from the anonymous group.

Source: https://habr.com/ru/post/971808/
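A way to check the resulting setup, as an added example that is not part of the original question or answer: this Python script reads the role-strategy section of Jenkins' `config.xml` and reports every permission the `anonymous` SID holds beyond the agent permissions a swarm client role is meant to carry. The XML layout, the sample data and the allowed set are assumptions; adjust them to your plugin version and policy.

```python
import xml.etree.ElementTree as ET

# Constructed sample of the <authorizationStrategy> element from config.xml.
# Layout is assumed; newer plugin versions add a type attribute on <sid>.
SAMPLE_CONFIG = """<authorizationStrategy class="com.michelin.cio.hudson.plugins.rolestrategy.RoleBasedAuthorizationStrategy">
  <roleMap type="globalRoles">
    <role name="admin" pattern=".*">
      <permissions><permission>hudson.model.Hudson.Administer</permission></permissions>
      <assignedSIDs><sid>admin</sid><sid>anonymous</sid></assignedSIDs>
    </role>
    <role name="swarmclient" pattern=".*">
      <permissions>
        <permission>hudson.model.Computer.Create</permission>
        <permission>hudson.model.Computer.Connect</permission>
      </permissions>
      <assignedSIDs><sid>anonymous</sid></assignedSIDs>
    </role>
  </roleMap>
</authorizationStrategy>"""

# Assumed policy: the only permissions anonymous may hold are agent ones.
ALLOWED_FOR_ANONYMOUS = {
    "hudson.model.Computer.Create",
    "hudson.model.Computer.Connect",
}

def anonymous_permissions(config_xml, sid="anonymous"):
    """Map each global role assigned to `sid` to the permissions it grants."""
    root = ET.fromstring(config_xml)
    result = {}
    for role_map in root.iter("roleMap"):
        if role_map.get("type") != "globalRoles":
            continue
        for role in role_map.findall("role"):
            sids = {(s.text or "").strip() for s in role.iter("sid")}
            if sid in sids:
                perms = {(p.text or "").strip() for p in role.iter("permission")}
                result[role.get("name")] = perms
    return result

def excessive_grants(config_xml, allowed=ALLOWED_FOR_ANONYMOUS):
    """Return {role: [permissions]} that anonymous holds outside `allowed`."""
    granted = anonymous_permissions(config_xml)
    return {r: sorted(p - allowed) for r, p in granted.items() if p - allowed}

if __name__ == "__main__":
    for role, perms in excessive_grants(SAMPLE_CONFIG).items():
        print(f"anonymous holds role {role!r} with excess permissions: {perms}")
```

An empty result means anonymous is confined to the agent permissions; once dedicated swarm accounts exist, `anonymous_permissions` should return nothing at all.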

