Can I create agent for built in node

Hi,
I’m new to Jenkins. I recently upgraded Jenkins to 2.319.1. Then I got a message/Notification that:
Building on the built-in node can be a security issue. You should set the number of executors on the built-in node to 0.

But there are already some jobs running previously on master (built-in) node. When I set the # of executers to 0 then those jobs are no more running.

That means do I need to create another Agent where the Jenkins is running or is there any other solution to this? Please help me.

Another question is regarding :Review label assignments in job configurations and tool installers for uses of master label. Any such label assignments will not match the built-in node after migration. Besides updating these assignments, you could also explicitly add the master label to the built-in node.

Where can I explicitly add master label to built in node?

Or can I just ignore these notifications and continue with Jenkins as earlier after applying migration?

Thanks Rachel

Adding an agent is the best solution in your case. If you don’t have a second machine to host the agent, you can create a separate user account on the same computer that hosts your controller and then use that account to run the agent.

Labels are added to the built-in node from either the /manage page ("# of executors") or from the “Built-in Node” link on the page that opens when you click “Build Executor Status”. It is almost always better to adjust your job definitions rather than add the label ‘master’ to the built-in node.

If your job definitions do not explicitly declare that they must run on a label ‘master’, then you can apply the migration, add an agent, and you’re done. If the job definitions explicitly declare that they must run on a label ‘master’, then you’ll need to review the reason that label was applied to the job and adapt as needed.

Thanks for your quick reply Mark. I was fortunate to watch one of your youtube videos (What’s New in Jenkins LTS 2.319.1) and it also helped me in understanding the terminology.

I would take your suggestion and create a new user account and run the agent.

1 Like

I tried to create new agent. But within my Launch Methods I don’t see ’ Launch agents using Java Web Start ’ option. So I used ‘Launch Agent by connecting it to the controller’ and created the agent. I downloaded the agent and tried to start it through command line : javaws .\jenkins-agent.jnlp -o.
I go ahead and run the jenkins remote agent then I get it connected and then terminated as seen below.

image

When I clicked on the agent I see the following error:

java.nio.channels.ClosedChannelException
at org.jenkinsci.remoting.protocol.impl.ChannelApplicationLayer.onReadClosed(ChannelApplicationLayer.java:238)
at org.jenkinsci.remoting.protocol.ApplicationLayer.onRecvClosed(ApplicationLayer.java:221)
at org.jenkinsci.remoting.protocol.ProtocolStack$Ptr.onRecvClosed(ProtocolStack.java:825)
at org.jenkinsci.remoting.protocol.FilterLayer.onRecvClosed(FilterLayer.java:288)
at org.jenkinsci.remoting.protocol.impl.SSLEngineFilterLayer.onRecvClosed(SSLEngineFilterLayer.java:179)
at org.jenkinsci.remoting.protocol.impl.SSLEngineFilterLayer.switchToNoSecure(SSLEngineFilterLayer.java:281)
at org.jenkinsci.remoting.protocol.impl.SSLEngineFilterLayer.processWrite(SSLEngineFilterLayer.java:501)
at org.jenkinsci.remoting.protocol.impl.SSLEngineFilterLayer.processQueuedWrites(SSLEngineFilterLayer.java:246)
at org.jenkinsci.remoting.protocol.impl.SSLEngineFilterLayer.doSend(SSLEngineFilterLayer.java:198)
at org.jenkinsci.remoting.protocol.impl.SSLEngineFilterLayer.doCloseSend(SSLEngineFilterLayer.java:211)
at org.jenkinsci.remoting.protocol.ProtocolStack$Ptr.doCloseSend(ProtocolStack.java:793)
at org.jenkinsci.remoting.protocol.ApplicationLayer.doCloseWrite(ApplicationLayer.java:172)
at org.jenkinsci.remoting.protocol.impl.ChannelApplicationLayer$ByteBufferCommandTransport.closeWrite(ChannelApplicationLayer.java:340)
at hudson.remoting.Channel.close(Channel.java:1501)
at hudson.remoting.Channel.close(Channel.java:1454)
at jenkins.slaves.DefaultJnlpSlaveReceiver.afterChannel(DefaultJnlpSlaveReceiver.java:178)
at org.jenkinsci.remoting.engine.JnlpConnectionState.fire(JnlpConnectionState.java:337)
at org.jenkinsci.remoting.engine.JnlpConnectionState.fireAfterChannel(JnlpConnectionState.java:428)
at org.jenkinsci.remoting.engine.JnlpProtocol4Handler$Handler.lambda$onChannel$0(JnlpProtocol4Handler.java:334)
at jenkins.util.ContextResettingExecutorService$1.run(ContextResettingExecutorService.java:28)
at jenkins.security.ImpersonatingExecutorService$1.run(ImpersonatingExecutorService.java:68)
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)

Can anyone please let me know how I can address this issue?

Please also let me know the difference between Launch agents using Java Web Start and Launch Agent by connecting it to the controller.

Thank you!

Java Web Start was a technology that allowed desktop users to launch local programs from their web browsers. As the technology landscape shifted, the risks from launching local programs from web browsers outweighed the benefits. Java Web Start was removed from Java 9 and later.

Don’t use Java Web Start. If you upgrade to Java 11 (which is a good thing to do in any case), it won’t even offer Java Web Start as an option.

Launch agent by connecting it to the controller will allow you to download a small file (agent.jar) to your agent computer / account, then run that agent program with a batch file (Windows), Powershell file (Windows), or shell script (Linux, FreeBSD, OpenBSD, macOS, etc.).

If you’re willing to install and configure Microsoft’s OpenSSH for Windows, then you could also use ssh to launch Windows agents. It works quite well in my use.

Thanks Mark. I will have to check if Microsoft’s OpenSSH for Windows is installed on my machine and learn more about it. For now I used Launch agent by connecting it to the controller and it worked.