Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

liquibase runner refusing to run on Jenkins Slave #10

Open
abc-njspencer opened this issue Jan 10, 2017 · 4 comments

Comments

Projects
None yet
3 participants
@abc-njspencer
Copy link

commented Jan 10, 2017

Even if we set the Restrict where this project can be run to our slave, it still runs on master. Which is a problem because firewall rules prevent Jenkins master from accessing Postgres master but not the Jenkins Slave. Also we don't want that load on the master. This is the only plugin we have that does this. I even upgraded to 1.2.1 in hopes that might fix it.

Is this a bug or by design and can it be fixed?

@prospero238

This comment has been minimized.

Copy link
Member

commented Jan 11, 2017

I can tell you it isn't by explicit design.

I've created a jira issue here: https://issues.jenkins-ci.org/browse/JENKINS-41002

I'll provide updates on the Jira issue.

Sorry for your problem, and thank you for giving me the heads up!

@prospero238

This comment has been minimized.

Copy link
Member

commented Jan 12, 2017

After reviewing, this isn't something I can remedy quickly. You're quite correct in that Jenkins master (as of now) needs to be able to connect to the target database, as liquibase is exercised on the master.

I do, however, have this workaround. It involves modifying the Jenkins slave connection to setup port forwarding. I'm assuming that, in your situation, the Jenkins slave and the target postgres server are not one in the same (see below notes otherwise). I've used this approach elsewhere with success.

  • Modify the slave node configuration. You'll want to change the "Launch method" to be "Launch agent via execution of command on the master". The launch command should be "ssh [user]@[slave host] -L5432:[db host]:5432 java -jar [path to slave.jar]". See Jenkins documentation for info about this configuration. For us, the important part is the "-L5432:[db host]:5432" which sets up the port forwarding.

  • Change your liquibase job configuration so that the JDBC URL is something like "jdbc:postgresql://localhost:5432/sample". The important part is that the host name is localhost.

Once these steps are done, the Jenkins master's JDBC connection will go over ssh using port forwarding.

Notes:

  • I've assumed port 5432 is an available port on Jenkins master. If it isn't, change the ssh config to be like "-L6666:[db host]:5432" where "6666" is an available port. Then, in your liquibase configuration, the jdbc url would reflect this port as well, example: jdbc:postgresql://localhost:6666/sample

  • If the Jenkins slave is the same machine as the target database server, you can use "-L5432:localhost:5432" (using "localhost" instead of the database host name).

  • Older versions of Jenkins did not have a slave launch option like I've described. However, you can do the same thing using its "launch via webstart" option. Ask me for details if you need info.

  • There are other potential security restrictions you may run into depending on your server/network setup. Also, you may want to make your Ops staff aware of what's going on. There's no shenangians, but I'd keep them in the loop.

@abc-njspencer

This comment has been minimized.

Copy link
Author

commented Jan 13, 2017

Alright. I appreciate the suggestion on a workaround. I have passed that to our DevOps team.

@SnazzyBootMan

This comment has been minimized.

Copy link

commented Mar 20, 2017

Appreciate the work around but I am correct in thinking that this will only work on persistent slaves rather than say on on-demand EC2 slaves?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.