The purpose of this post is to learn how to easily connect a master node to different agent nodes using SSH. To provision all the machines involved in this example we are going to use shell scripts but we could do the same using a provisioning tool like Ansible. These are some possible scenarios:
- We have a Jenkins master node and we need various agent nodes to perform specific tasks.
- We have a cluster of machines that need to be connected.
- We need to implement a secure master/slave database replication for MySQL or Postgres.
- We own different servers and we simply want access them from our local machine in a passwordless authentication way.
Before you begin
A Linux/Mac OS machine is required to follow this tutorial.
Step 1 - Create a SSH key pair (public/private)
ssh-keygen setting a passphrase and a destination (by default ~/.ssh/id_rsa ~/.ssh/id_rsa.pub). I strongly recommend to add a strong passhprase, to do it you can use
apg commands for example.
If you don’t have ssh-keygen binary you can easily install it by typing:
# Debian/Ubuntu apt-get update -y && apt-get install openssh-client -y # Alpine Linux apk add --update openssh-client # Fedora/CentOS yum update && yum install openssh-clients -y
Double check ssh-keygen created a private and public key files.
Keep these keys in a safe place using LastPass for example and avoid to upload at least the private key in a remote git repository (..but if you have to do it, use encryption,
ansible-vault can help you).
Step 2 - Create an OS user on every agent node
You should create an OS user on every agent node with:
- Home folder
- Sudo (passwordless)
- Public key in
2.1 Creating a user with home folder
The following command creates a new user
my_new_user with a home directory
useradd -m my_new_user passwd my_new_user
2.2 Adding sudo (passwordless) to my_new_user
Make sure sudo is installed otherwise run:
apt-get update && apt-get install sudo -y
Add my_new_user to the sudoer group (you must be a privileged user):
echo "my_new_user ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers
Check my_new_user can use sudo without typing its password:
su my_new_user sudo apt-get install tree -y
2.3 Adding public key to my_new_user home folder
Run the following commands to setup the key:
$ mkdir -p ~/.ssh $ chmod 700 ~/.ssh $ vim ~/.ssh/authorized_keys # Add the public key ~/.ssh/authorized_keys $ chmod 600 ~/.ssh/authorized_keys
Step 3 - SSH from master node to agent nodes
Once all nodes have a user and a public key you can place the private in your host/master node and SSH to them:
ssh -i /private_key_path/id_rsa my_new_user@[MY_AGENT_NODE_IP]
This post can be used to create a secure communication between Jenkins master and Jenkins agents. Note that in this case agent nodes need Java as well (
apt-get install openjdk-8-jdk-headless).