Similar to what is done by the swarm plugin, it would be useful to have a new type of AMI (besides "Windows" and "Linux") which launches ec2s that connect themselves to the master, thereby forming an ad-hoc agent cluster.
Like this, such an agent is fully responsible for launching completely (e.g. for Windows it might do an auto-logon, ...) and afterwards connects to the master via JNLP.
The Jenkins master does not have to connect to the agent in this case and therefore needs no credentials to connect via SSH or WinRM.

Rough idea/summary for the required changes:

• have a new AMI type "self connecting"
• this type of AMI has no launcher but instead uses the default JNLP launcher
• make ssh key field optional (not required for the new AMI type)
• when launching the ec2, provide node name, secret and master URL as labels (ec2 can easily parse labels via ec2 metadata and use the info to connect to the master)

          [JENKINS-48273] Self-connecting agents

Frank Bernhardt added a comment -

We already developed a first prototype on this fork here:
https://github.com/bnf2si/ec2-plugin/tree/selfconnecting

Next step is to prepare a pull request.

          Philip Sahli added a comment - - edited

We were having a look at this plugin and it seemed to help us in the situation: Spawn a Jenkins Slave on AWS from an On-Prem Jenkins Master and open only two TCP ports on the firewall from the Slave to Master. I was surprised about the needed configuration around ssh and that a slave then really needs to be reachable over ssh. It would be really nice if we could have just a user-data script (which downloads the jar from the master and starts the slave JVM).

Besides the init script functionality, what is ssh connectivity for?

bnf2si what is the plan about your PR?
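An added example, not code from the ec2-plugin or the prototype fork: an agent-side bootstrap for the self-connecting idea discussed above, which validates the launch parameters before using them and keeps the secret off the command line. It assumes the three values arrive as `KEY=VALUE` lines in EC2 user data (key names, sample values and the secret file path are hypothetical) and that the agent.jar in use accepts `-jnlpUrl` with the `slave-agent.jnlp` path and the `-secret @file` form.

```shell
#!/bin/sh
# Added example: boot-time bootstrap for a "self connecting" agent instance.
# Assumption: the plugin passes KEY=VALUE lines in EC2 user data.
IMDS=http://169.254.169.254/latest

# Fetch user data with an IMDSv2 session token (not called in the offline demo).
fetch_user_data() {
    token=$(curl -sf -X PUT "$IMDS/api/token" \
        -H 'X-aws-ec2-metadata-token-ttl-seconds: 60') || return 1
    curl -sf -H "X-aws-ec2-metadata-token: $token" "$IMDS/user-data"
}

# get_field KEY PAYLOAD: print the value of the first KEY=... line.
get_field() {
    printf '%s\n' "$2" | sed -n "s/^$1=//p" | head -n 1
}

# validate URL NODE SECRET: reject values unsafe to place in a URL or command.
validate() {
    case $1 in
        *[!A-Za-z0-9:/._-]*) echo "bad character in master URL" >&2; return 1 ;;
        https://*) ;;
        *) echo "master URL must be https" >&2; return 1 ;;
    esac
    case $2 in ''|*[!A-Za-z0-9._-]*) echo "bad node name" >&2; return 1 ;; esac
    case $3 in ''|*[!0-9a-f]*) echo "bad secret" >&2; return 1 ;; esac
}

# agent_command PAYLOAD SECRET_FILE: print the launch command. The secret is
# written to an owner-only file so it never shows up in the process list.
agent_command() {
    url=$(get_field JENKINS_URL "$1")
    node=$(get_field NODE_NAME "$1")
    secret=$(get_field AGENT_SECRET "$1")
    validate "$url" "$node" "$secret" || return 1
    ( umask 077; printf '%s' "$secret" > "$2" )
    printf 'java -jar agent.jar -jnlpUrl %s/computer/%s/slave-agent.jnlp -secret @%s\n' \
        "${url%/}" "$node" "$2"
}

# Constructed sample payload (not real values).
SAMPLE='JENKINS_URL=https://jenkins.example.internal/
NODE_NAME=ec2-selfconnect-01
AGENT_SECRET=0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef'

agent_command "$SAMPLE" "${TMPDIR:-/tmp}/agent-secret.demo"
```

User data stays readable from the metadata service by any process on the instance, so the agent secret should be treated as visible to every job that runs there.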

Andreas Lutro added a comment -

Possibly a duplicate of https://issues.jenkins-ci.org/browse/JENKINS-26369

            bnf2si Frank Bernhardt