patternModerate
Is it ok to have a Jenkins Server without slave node?
Viewed 0 times
withoutjenkinsslavenodeserverhave
Problem
In my team we have one Jenkins server with one master node & one slave node in the same server. We use Jenkins Pipelines and surround everything with
In a colleague's team I have seen that, for some reason, they have one master node and no slave node. All their builds run in master node.
Questions:
node{}. In a colleague's team I have seen that, for some reason, they have one master node and no slave node. All their builds run in master node.
Questions:
- Is this a bad practice?
- Are there any bad consequences for having only one master node?
- Is my setup (one master & one slave) a bad practice?
Solution
https://wiki.jenkins.io/display/JENKINS/Jenkins+Best+Practices
In larger systems, don't build on the master.
If you have a more complex security setup that allows some users to
only configure jobs, but not administer Jenkins, you need to prevent
them from running builds on the master node, otherwise they have
unrestricted access into the JENKINS_HOME directory. You can do this
by setting the executor count to zero. Instead, make sure all jobs run
on slaves. This ensures that the jenkins master can scale to support
many more jobs, and it also protects builds from modifying potentially
sensitive data on $JENKINS_HOME accidentally/maliciously. If you need
some jobs to run on the master (e.g. backups of Jenkins itself), use
the Job Restrictions Plugin to limit which jobs can be executed there.
One master node and no slave node. All their builds run in master
node. Is this a bad practice?
Running the jobs on the master nodes means that the jobs have unrestricted access into the JENKINS_HOME directory
Are there any bad consequences for having only one master node?
As the slaves have unrestricted access into the JENKINS_HOME directory this could be unsafe
Is my setup (one master & one slave) a bad practice?
It is better than only one master as long as all the jobs run on the slaves
In summary, from a security perspective it is a bad practice to run the jobs on the master.
In larger systems, don't build on the master.
If you have a more complex security setup that allows some users to
only configure jobs, but not administer Jenkins, you need to prevent
them from running builds on the master node, otherwise they have
unrestricted access into the JENKINS_HOME directory. You can do this
by setting the executor count to zero. Instead, make sure all jobs run
on slaves. This ensures that the jenkins master can scale to support
many more jobs, and it also protects builds from modifying potentially
sensitive data on $JENKINS_HOME accidentally/maliciously. If you need
some jobs to run on the master (e.g. backups of Jenkins itself), use
the Job Restrictions Plugin to limit which jobs can be executed there.
One master node and no slave node. All their builds run in master
node. Is this a bad practice?
Running the jobs on the master nodes means that the jobs have unrestricted access into the JENKINS_HOME directory
Are there any bad consequences for having only one master node?
As the slaves have unrestricted access into the JENKINS_HOME directory this could be unsafe
Is my setup (one master & one slave) a bad practice?
It is better than only one master as long as all the jobs run on the slaves
In summary, from a security perspective it is a bad practice to run the jobs on the master.
Context
StackExchange DevOps Q#2105, answer score: 14
Revisions (0)
No revisions yet.