tickets #122260
Requests regarding openID and jenkins-agent.i.o.o VM
100%
Description
Hello fellas,
In order to test/configure logon on jenkins.infra.opensuse.org with openSUSE's openID Connect, a client ID and secret is needed for the setup. And in order to test/configure Jenkins properly, at least one additional VM is needed as a Jenkins agent to provide nodes (commonly known to us as workers). Based on hardware recommendation, I'm thinking that 2-4 cores - each node will use 2-3 threads - and about 2G of RAM (not sure here) should be enough, for testing purposes.
So I'm here to kindly request them.
Thanks in advance!
History
Updated by 
Updated by #12
Updated by luc14n0 5 months ago
Uhm, I'm gonna need a hand here. AFAICT the client ID is suppose to be given to me, according to the Jenkins plugin, and I'm not sure what's the callback/redirect URL.
#13
Updated by crameleon 5 months ago
I guess it's /securityRealm/finishLogin according to https://github.com/jenkinsci/oic-auth-plugin/blob/master/src/main/resources/org/jenkinsci/plugins/oic/OicSecurityRealm/help.html, I can add that and we can always change it later.
#14
Updated by crameleon 5 months ago
- Checklist item Extra VM set to Done
- % Done changed from 80 to 90
jenkins-agent.infra.opensuse.org
IP: 192.168.47.89/24
RackTables (SUSE internal): https://racktables.suse.de/index.php?page=object&object_id=20020
Salt pillar ID (thanks for adding it!): https://gitlab.infra.opensuse.org/infra/salt/-/blob/production/pillar/id/jenkins-agent_infra_opensuse_org.sls
SSH host keys:
SHA256:DSgxtyB9ah2b4zL5slxSA4194A1NNnB6ifqCVnE4ccA (ED25519) SHA256:eAPogFJqWaUynDV94gNE0GL/CQVifYrS+4Q2C3MgZSY (ECDSA)
#16
Updated by crameleon 5 months ago
- Checklist item openID Connect client ID and secret set to Done
- Category changed from Core services and infra to Servers hosted in NBG
- Status changed from In Progress to Resolved
- % Done changed from 90 to 100
OpenID data is in my home directory on the machine. Just delete the file after you stored the data in the respective configuration / Salt. I assumed https://jenkins-agent.opensuse.org as a URL for now, let me know if you want to change it later.
#17
Updated by luc14n0 5 months ago
Aaah! Now I get it what's the callback/redirect URL. Indeed /securityRealm/finishLogin is my guess too.
crameleon wrote:
There are some failing Salt states, I suppose you will solve them along with the Jenkins profiles.
Gonna have a look at them.
crameleon wrote:
OpenID data is in my home directory on the machine. Just delete the file after you stored the data in the respective configuration / Salt. I assumed
https://jenkins-agent.opensuse.orgas a URL for now, let me know if you want to change it later.
Actually, the URL should be http://jenkins.infra.opensuse.org:8080/ instead, I don't think we're ready to expose it outside infra.opensuse.org just yet. I should've been more explicit in my request, though, that's my bad.
Thanks for you're time Georg! I appreciate it.
#18
Updated by luc14n0 5 months ago
For clarity's sake and historical reasons, I'd like to say I probably should've opened two tickets instead of one (or, at the very least, I should've gave more details).
One for the openID Connect client ID and secret are for jenkins-i-o-o, not for the new VM that I asked for, jenkins-agent-i-o-o.
And another for jenkins-agent-i-o-o, a Jenkins "worker" that the community won't have to interact with directly.
But I learned my lesson :^)
#23
Updated by crameleon about 2 months ago
- Status changed from Feedback to Closed
No feedback, closing.