Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-41002

Liquibase runner refuses to run on slave

    Details

    • Similar Issues:

      Description

      From https://github.com/jenkinsci/liquibase-runner-plugin/issues/10

      Even if we set the Restrict where this project can be run to our slave, it still runs on master. Which is a problem because firewall rules prevent Jenkins master from accessing Postgres master but not the Jenkins Slave. Also we don't want that load on the master. This is the only plugin we have that does this. I even upgraded to 1.2.1 in hopes that might fix it.

      Is this a bug or by design and can it be fixed?

        Attachments

          Activity

          prospero238 Keith Collison created issue -
          Hide
          prospero238 Keith Collison added a comment -

          This is a known limitation of the plugin. During the course of plugin execution, a JDBC connection is attempted to the target database, even if the job is being executed on a slave.

          Here is a workaround for such situations. It involves modifying the Jenkins slave connection to setup port forwarding. I'm assuming that, in your situation, the Jenkins slave and the target postgres server are not one in the same (see below notes otherwise). I've used this approach elsewhere with success.

          Steps

          • Modify the slave node configuration. You'll want to change the "Launch method" to be "Launch agent via execution of command on the master". The launch command should be "ssh [user]@[slave host] -L5432:[db host]:5432 java -jar [path to slave.jar]". See Jenkins documentation for info about this configuration. For us, the important part is the "-L5432:[db host]:5432" which sets up the port forwarding.
          • Change your liquibase job configuration so that the JDBC URL is something like "jdbc:postgresql://localhost:5432/sample". The important part is that the host name is localhost.

          Once these steps are done, the Jenkins master's JDBC connection will go over ssh using port forwarding.

          Notes:

          • The example above assumes port 5432 is available on Jenkins master. If it isn't, change the ssh config to be something like "-L6666:[db host]:5432" where "6666" is an available port. Then, in your liquibase configuration, the jdbc url would reflect this port as well, example: jdbc:postgresql://localhost:6666/sample
          • If the Jenkins slave is the same machine as the target database server, you can use "-L5432:localhost:5432" (using "localhost" instead of the database host name).
          • Older versions of Jenkins did not have a slave launch option like I've described. However, you can do the same thing using its "launch via webstart" option. Ask me for details if you need info.
          • There are other potential security restrictions you may run into depending on your server/network setup. Also, you may want to make your Ops staff aware of what's going on. There's no shenanigans, but I'd keep them in the loop.
          Show
          prospero238 Keith Collison added a comment - This is a known limitation of the plugin. During the course of plugin execution, a JDBC connection is attempted to the target database, even if the job is being executed on a slave. Here is a workaround for such situations. It involves modifying the Jenkins slave connection to setup port forwarding. I'm assuming that, in your situation, the Jenkins slave and the target postgres server are not one in the same (see below notes otherwise). I've used this approach elsewhere with success. Steps Modify the slave node configuration. You'll want to change the "Launch method" to be "Launch agent via execution of command on the master". The launch command should be "ssh [user]@[slave host] -L5432:[db host]:5432 java -jar [path to slave.jar]". See Jenkins documentation for info about this configuration. For us, the important part is the "-L5432:[db host]:5432" which sets up the port forwarding. Change your liquibase job configuration so that the JDBC URL is something like "jdbc:postgresql://localhost:5432/sample". The important part is that the host name is localhost. Once these steps are done, the Jenkins master's JDBC connection will go over ssh using port forwarding. Notes: The example above assumes port 5432 is available on Jenkins master. If it isn't, change the ssh config to be something like "-L6666:[db host]:5432" where "6666" is an available port. Then, in your liquibase configuration, the jdbc url would reflect this port as well, example: jdbc:postgresql://localhost:6666/sample If the Jenkins slave is the same machine as the target database server, you can use "-L5432:localhost:5432" (using "localhost" instead of the database host name). Older versions of Jenkins did not have a slave launch option like I've described. However, you can do the same thing using its "launch via webstart" option. Ask me for details if you need info. There are other potential security restrictions you may run into depending on your server/network setup. Also, you may want to make your Ops staff aware of what's going on. There's no shenanigans, but I'd keep them in the loop.

            People

            • Assignee:
              prospero238 Keith Collison
              Reporter:
              prospero238 Keith Collison
            • Votes:
              1 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated: