tickets #122260
closedRequests regarding openID and jenkins-agent.i.o.o VM
100%
Description
Hello fellas,
In order to test/configure logon on jenkins.infra.opensuse.org with openSUSE's openID Connect, a client ID and secret is needed for the setup. And in order to test/configure Jenkins properly, at least one additional VM is needed as a Jenkins agent to provide nodes (commonly known to us as workers). Based on hardware recommendation, I'm thinking that 2-4 cores - each node will use 2-3 threads - and about 2G of RAM (not sure here) should be enough, for testing purposes.
So I'm here to kindly request them.
Thanks in advance!
Updated by crameleon over 1 year ago
Hi,
there is already a VM jenkins.infra.opensuse.org. Any suggestions for an alternative name?
Updated by luc14n0 over 1 year ago
Hi there,
Yes, jenkins-agent.infra.opensuse.org would be just fine, please.
Updated by luc14n0 over 1 year ago
- Subject changed from Requests regarding openID and extra VM for jenkins-o-o to Requests regarding openID and jenkins-agent.i.o.o VM
Updated by crameleon over 1 year ago
- Assignee changed from opensuse-admin to crameleon
I'll create it soon.
In the meanwhile, if you want, you could add the pillar/id/ file for it in Salt (I guess you know better than me what the correct details are).
Updated by crameleon over 1 year ago
- Status changed from New to In Progress
- % Done changed from 0 to 80
VM is prepared, waiting for Salt.
I went with the lower end of resources you mentioned, we can always increase it if more is needed.
Updated by luc14n0 over 1 year ago
Very well, thanks for the work. I hope the oidc stuff won't give you - or someone else - too much trouble.
Updated by crameleon over 1 year ago
It's no problem. Once your MR is through and I apply the highstate, I will put the credentials on the machine.
Updated by luc14n0 over 1 year ago
Okey dokey. Just to clarify, the openID Connect stuff is for jenkins-i-o-o, the controller, OK?
Updated by crameleon over 1 year ago
What are the client ID and callback/redirect URL?
Updated by luc14n0 over 1 year ago
Uhm, I'm gonna need a hand here. AFAICT the client ID is suppose to be given to me, according to the Jenkins plugin, and I'm not sure what's the callback/redirect URL.
Updated by crameleon over 1 year ago
I guess it's /securityRealm/finishLogin
according to https://github.com/jenkinsci/oic-auth-plugin/blob/master/src/main/resources/org/jenkinsci/plugins/oic/OicSecurityRealm/help.html, I can add that and we can always change it later.
Updated by crameleon over 1 year ago
- Checklist item Extra VM set to Done
- % Done changed from 80 to 90
jenkins-agent.infra.opensuse.org
IP: 192.168.47.89/24
RackTables (SUSE internal): https://racktables.suse.de/index.php?page=object&object_id=20020
Salt pillar ID (thanks for adding it!): https://gitlab.infra.opensuse.org/infra/salt/-/blob/production/pillar/id/jenkins-agent_infra_opensuse_org.sls
SSH host keys:
SHA256:DSgxtyB9ah2b4zL5slxSA4194A1NNnB6ifqCVnE4ccA (ED25519)
SHA256:eAPogFJqWaUynDV94gNE0GL/CQVifYrS+4Q2C3MgZSY (ECDSA)
Updated by crameleon over 1 year ago
There are some failing Salt states, I suppose you will solve them along with the Jenkins profiles.
Updated by crameleon over 1 year ago
- Checklist item openID Connect client ID and secret set to Done
- Category changed from Core services and virtual infrastructure to Servers hosted in NBG
- Status changed from In Progress to Resolved
- % Done changed from 90 to 100
OpenID data is in my home directory on the machine. Just delete the file after you stored the data in the respective configuration / Salt. I assumed https://jenkins-agent.opensuse.org
as a URL for now, let me know if you want to change it later.
Updated by luc14n0 over 1 year ago
Aaah! Now I get it what's the callback/redirect URL. Indeed /securityRealm/finishLogin
is my guess too.
crameleon wrote:
There are some failing Salt states, I suppose you will solve them along with the Jenkins profiles.
Gonna have a look at them.
crameleon wrote:
OpenID data is in my home directory on the machine. Just delete the file after you stored the data in the respective configuration / Salt. I assumed
https://jenkins-agent.opensuse.org
as a URL for now, let me know if you want to change it later.
Actually, the URL should be http://jenkins.infra.opensuse.org:8080/
instead, I don't think we're ready to expose it outside infra.opensuse.org
just yet. I should've been more explicit in my request, though, that's my bad.
Thanks for you're time Georg! I appreciate it.
Updated by luc14n0 over 1 year ago
For clarity's sake and historical reasons, I'd like to say I probably should've opened two tickets instead of one (or, at the very least, I should've gave more details).
One for the openID Connect client ID and secret are for jenkins-i-o-o, not for the new VM that I asked for, jenkins-agent-i-o-o.
And another for jenkins-agent-i-o-o, a Jenkins "worker" that the community won't have to interact with directly.
But I learned my lesson :^)
Updated by crameleon over 1 year ago
- Status changed from Resolved to In Progress
Updated by crameleon over 1 year ago
I cannot change the URL to what you have requested:
Redirect URI incorrect: non-https or localhost with web"
Seems it needs to be secure.
Updated by luc14n0 over 1 year ago
I'm planing to get back to jenkins-i-o-o this weekend, so I'll see to get HTTPS
going.
Updated by crameleon over 1 year ago
- Status changed from In Progress to Feedback
Cool, let me know if you need any help. :-)