Windows slave support #67

Closed
wants to merge 1 commit into
from

Projects

None yet

5 participants

@masterzen

This changeset introduces support for windows AMI to the ec2-plugin.
The windows slaves are connected to with SMB over TCP to send the initial
slave.jar and connected to from jenkins using WinRM/WinRS.

Unlile linux based AMI, the windows AMI requires:

  • a specific security group allowing SMB over TCP (incoming TCP port 445)
  • a specific securify group alloaing WinRM (incoming TCP port 5985)
  • a java virtual machine installed in the Windows %PATH%
  • SMB over TCP should be enabled in the windows firewall (this can be
    done with: netsh firewall set portopening tcp 445 smb enable)
  • WinRM must be configured and enabled, with the following commands:
    • winrm quickconfig (answer y to both questions)
    • winrm set winrm/config/service/Auth @{Basic="true"}
    • winrm set winrm/config/service @{AllowUnencrypted="true"}
    • winrm set winrm/config/winrs @{MaxMemoryPerShellMB="1024"}
  • a fixed administrator password (there's no way for the plugin
    to figure out the random password of the base EC2 Windows AMI)

This changeset enhance the Slave Template configuration to specify a
Windows only settings (like windows administrator password of the configured
remote user). Unix only settings have been grouped into their own Unix section.

Note: the current WinRM implementation is not running onto encrypted
transport, nor use encrypted payloads. This will come in a subsequent
patch on this pull request (or a new one).

Note2: the current WinRM implementation is very roughly based on Xebialabs'
Overthere and WinRB ruby implementation. All credits goes to them. If you're asking
why this patch doesn't use Overthere directly: for the short story latest overthere version
requires Guava 14 which is not backward compatible with the Guava required by Jenkins itself.
The other reason being that jenkins sends binary data to the slave process, which wasn't well
supported in Overthere way to setup the WinRM shell. Also, Overthere is much more than a WinRM
implementation which we don't need in this case.

This support is considered experimental, even though it has been
successfully tested.

Please review and comment, I'm open to any suggestion and enhancements!

@cloudbees-pull-request-builder

plugins » ec2-plugin #44 SUCCESS
This pull request looks good

@jenkinsadmin
Member

Thank you for a pull request! Please check this document for how the Jenkins project handles pull requests

@cloudbees-pull-request-builder

plugins » ec2-plugin #50 FAILURE
Looks like there's a problem with this pull request

@cloudbees-pull-request-builder

plugins » ec2-plugin #51 SUCCESS
This pull request looks good

@masterzen

I've pushed a revised version, addind https support and fixing a few issues when provisioning slaves.

@masterzen masterzen Windows slave support
This changeset introduces support for windows AMI to the ec2-plugin.
The windows slaves are connected to with SMB over TCP to send the initial
slave.jar and connected to from jenkins using WinRM/WinRS.

Unlile linux based AMI, the windows AMI requires

* a specific security group allowing SMB over TCP (incoming TCP port 445)
* a specific securify group alloaing WinRM (incoming TCP port 5985)
* a java virtual machine installed in the Windows %PATH%
* SMB over TCP should be enabled in the windows firewall (this can be
done with: netsh firewall set portopening tcp 445 smb enable)
* WinRM must be configured and enabled, with the following commands:
  + winrm quickconfig (answer y to both questions)
  + winrm set winrm/config/service/Auth @{Basic="true"}
  + winrm set winrm/config/service @{AllowUnencrypted="true"}
  + winrm set winrm/config/winrs @{MaxMemoryPerShellMB="1024"}
* a fixed administrator password (there's no way for the plugin
to figure out the random password of the base EC2 Windows AMI)

This changeset enhance the Slave Template configuration to specify a
Windows AMI. In which case it is necessary to enter the correct
windows administrator password of the configured remote user.

Note1: the current WinRM implementation is vaguely based on Xebialabs'
Overthere and WinRB ruby implementation.

Note2: for https support (and thus encrypted communication) more AMI setup
is necessary (see the inline plugin help for more information)

This feature is considered experimental (and even more than that for the https
transport), even though it has been successfully tested,
I'm not running this yet on production.

Signed-off-by: Brice Figureau <brice@daysofwonder.com>
aebc217
@cloudbees-pull-request-builder

plugins » ec2-plugin #52 SUCCESS
This pull request looks good

@francisu
Member
francisu commented Jul 1, 2014

Hi, thanks for your contribution. Are you still interested in working on this? I have merged it into a branch for testing and am working on testing it now. I will likely have questions for you soon.

@francisu
Member
francisu commented Jul 1, 2014

Oh, and do you have a Windows AMI that I can test with, rather than having to build my own?

@masterzen

@francisu we're not using this feature in production anymore, as in the end it proved to be sometimes unreliable (from time to time there were disconnection between the master and the slave for unknown reasons I wasn't able to understand/find).

I can still help mature it and fix it, if I can reproduce the issues.

Regarding an AMI, I don't have any public ones I can share with you, but I posted a way to create one quite easily in my blog (see the Windows Base AMI section): http://www.masterzen.fr/2014/01/11/bootstrapping-windows-servers-with-puppet/

@jpd4nt
jpd4nt commented Jul 7, 2014

Hi

I am also interested in this feature and would also like to help stabilise it

@francisu
Member

Thank you for your pull requested. I have merged it so that it's easier to work on to get it ready for a release. Kudos to you for making sure existing configurations are read without problems.

The superseding pull request is: #105

I'm closing this one.

@francisu francisu closed this Jul 29, 2014
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment