Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-33555

Provide option to disable master build executors while starting service

    • Icon: Improvement Improvement
    • Resolution: Duplicate
    • Icon: Minor Minor
    • core

      Provide option to disable Build executors for Jenkins master when starting service as input and in configure system it should not be editable when the Jenkins service started with this option.

      If we able to do this we can achieve multi-tenant feature, so that we can block build executions on the Jenkins Master considering load & security issues
      I have configured the Jenkins like below at different ports(8080,8081,8082) and different JENKINS_HOME

      /etc/alternatives/java -Djava.awt.headless=true -DJENKINS_HOME=/var/lib/jenkins8081 -jar /usr/lib/jenkins/jenkins.war --httpPort=8081

      Configured with Apache Server Reverse Proxy to map each Jenkins instance with each DNS entry.

          [JENKINS-33555] Provide option to disable master build executors while starting service

          Jesse Glick added a comment -

          danielbeck I guess this is one of those things we considered for 2.0 but dropped, right? IMO the initial state should be zero executors, and you should either be prohibited from configuring nonzero executors until you disable security generally, or sternly warned about it.

          Jesse Glick added a comment - danielbeck I guess this is one of those things we considered for 2.0 but dropped, right? IMO the initial state should be zero executors, and you should either be prohibited from configuring nonzero executors until you disable security generally, or sternly warned about it.

          Daniel Beck added a comment -

          jglick

          I don't understand the issue as reported at all, as it assumes untrusted people would have Overall/Administer.

          But as to what you're suggesting, the problem is that actual default config changes in this area leave Jenkins non-functional as it comes out of the box. We've already disabled the JNLP port by default which causes some confusion ("Where's the JNLP Launcher?").

          Note that plugins such as Job Restrictions Plugin, Ownership Plugin, and Authorize Project Plugin (IIRC) can all be used to limit job execution on master even when executors are configured.

          We could probably achieve something resembling reasonable configurations by recommending build agents (first), and then, once they have set those up, recommend not building on master (second), via an admin monitor. Or at least tell people what they're doing isn't a great idea.

          Daniel Beck added a comment - jglick I don't understand the issue as reported at all, as it assumes untrusted people would have Overall/Administer. But as to what you're suggesting, the problem is that actual default config changes in this area leave Jenkins non-functional as it comes out of the box. We've already disabled the JNLP port by default which causes some confusion ("Where's the JNLP Launcher?"). Note that plugins such as Job Restrictions Plugin, Ownership Plugin, and Authorize Project Plugin (IIRC) can all be used to limit job execution on master even when executors are configured. We could probably achieve something resembling reasonable configurations by recommending build agents (first), and then, once they have set those up, recommend not building on master (second), via an admin monitor. Or at least tell people what they're doing isn't a great idea.

          Jesse Glick added a comment -

          Better to discuss proposals in original issue, not this duplicate. (Or I suppose a duplicate; I did not really understand it either.)

          Jesse Glick added a comment - Better to discuss proposals in original issue, not this duplicate. (Or I suppose a duplicate; I did not really understand it either.)

            Unassigned Unassigned
            pskumar448 Suresh Kumar
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated:
              Resolved: