KostyaSha / yet-another-docker-plugin

Jenkins Yet Another Docker Plugin
https://plugins.jenkins.io/yet-another-docker-plugin
MIT License

Ability to Run Slave Agent Program (slave.jar) From Different Location #134

Open danieleagle opened 7 years ago

danieleagle commented 7 years ago

Currently, slave.jar is downloaded from Jenkins Master using a Slave with JNLP via init.sh. However, an interesting situation happens when using HTTPS under a certain condition. Please review this for more information.

The idea is to prevent an HTTPS connection to get slave.jar so the certificate checks don't have to be ignored, thus avoiding a security issue. Please read the previous link for all the details on this.

KostyaSha commented 7 years ago

But there is https://github.com/KostyaSha/yet-another-docker-plugin/blob/d7e4d25477b3ca6ada565a3e70ddfcbf8f1140de/yet-another-docker-plugin/src/main/resources/com/github/kostyasha/yad/launcher/DockerComputerJNLPLauncher/init.sh#L51. In any case, it is now possible to copy slave.jar via docker cp; it wasn't implemented before because cp appeared not so long ago, but I'm OK to drop 1.9 support (or introduce a checkbox).

danieleagle commented 7 years ago

@KostyaSha, I'd definitely love to have something in the UI that allows for specifying a different path to slave.jar so that it can be launched from the local file system instead of doing a wget/curl operation. This would certainly solve the edge case I have presented.

Also, I wanted to thank you for all your hard work on this plugin. It has helped many people, including myself. 👍

KostyaSha commented 7 years ago

Slave.jar is needed to ensure that the correct slave.jar is used for remoting. Until core provides hashes to do a fast check, the safest way is to download slave.jar every time.

danieleagle commented 7 years ago

Thanks for the information. Based on that, I totally agree with you.

danieleagle commented 7 years ago

Something I just thought about, on each build of Jenkins Master the slave.jar could be extracted and placed into a volume that the slave has access to. That would ensure that when Jenkins gets updated so does the slave.jar. What do you think? In that case the slave could launch slave.jar from the shared volume and avoid making a call via wget/curl.

KostyaSha commented 7 years ago

That sounds like additional logic that also wouldn't work well in parallel. Right now the logic is pretty simple. I don't think that this causes a huge startup delay.

danieleagle commented 7 years ago

I was able to implement a different solution which doesn't require running slave.jar from a different location. Certainly, this can always be a feature but I'm good as of now.

KostyaSha commented 7 years ago

I can try to move the slave.jar download to /slave.jar, add a slave.jar archive copy into the container and add an if case to the init script. But that may not help avoid the slave.jar copy into the container in your case...

danieleagle commented 7 years ago

@KostyaSha, I was able to work around this and no longer require running it from a different location. However, it could still be useful, so if it's not too much work to add support for it, it might be a good idea. I'll leave that up to you. :)
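
Added example, not part of the thread or the plugin's init.sh: one way to write the "if case" discussed above, using a pre-placed slave.jar (shared volume or docker cp) only when its SHA-256 matches an expected value and otherwise downloading over HTTPS with certificate verification left on. The function names, arguments and the source of the expected hash are assumptions; as noted in the thread, core did not provide such hashes.

```shell
#!/bin/sh
# Added example; names and arguments are hypothetical, not the plugin's own.

# Print the SHA-256 hex digest of a file with whichever tool the image ships.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# select_agent_jar LOCAL_JAR EXPECTED_SHA256 JAR_URL CA_BUNDLE DEST
# LOCAL_JAR is trusted only if its digest equals EXPECTED_SHA256 (assumed to be
# supplied by the operator for the running master). An empty hash, a missing
# file or a mismatch all fall back to the download, so a stale jar is never used.
# Prints "local" or "download" so the caller can log which path was taken.
select_agent_jar() {
    local_jar=$1; expected=$2; jar_url=$3; ca_bundle=$4; dest=$5
    if [ -n "$expected" ] && [ -r "$local_jar" ] &&
       [ "$(sha256_of "$local_jar")" = "$expected" ]; then
        cp "$local_jar" "$dest" && echo local
        return
    fi
    # Verify the master's certificate against a private CA bundle instead of
    # disabling checks (-k / --no-check-certificate).
    # --fail keeps an HTTP error page from being saved as slave.jar.
    curl --fail --silent --show-error --cacert "$ca_bundle" \
         --output "$dest" "$jar_url" || return 1
    echo download
}
```

Mounting the internal CA bundle into the slave image is what lets the download branch keep certificate checks enabled when the master uses a privately issued certificate.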