  1. Jenkins
  2. JENKINS-52455

Do not expose JNLP port 50000 for EC2 agents


Details

    • Evergreen - Milestone 1

    Description

      The connection from agents to master actually goes through the SSH pipe, so we can, and must, for obvious security strengthening reasons, remove that port exposition.

          Activity

            batmat Baptiste Mathus created issue -
            batmat Baptiste Mathus made changes -
            Field Original Value New Value
            Epic Link JENKINS-49853 [ 188837 ]
            batmat Baptiste Mathus made changes -
            Status Open [ 1 ] In Progress [ 3 ]
            batmat Baptiste Mathus made changes -
            Link This issue relates to JENKINS-52210 [ JENKINS-52210 ]
            batmat Baptiste Mathus made changes -
            Status In Progress [ 3 ] In Review [ 10005 ]
            batmat Baptiste Mathus made changes -
            Remote Link This issue links to "PR (Web Link)" [ 21167 ]

            batmat Baptiste Mathus added a comment -

            Will finally not do.

            Copying what I put in https://github.com/jenkins-infra/evergreen/pull/131#issuecomment-404506891 after rtyler's good feedback:

            OK, going to close this finally:

            • the port is anyway currently *not* exposed/open from Jenkins
            • Leaving it available as is currently will make it available for Essentials users to enable a fixed port so that they can connect agents if they wish to. If we close it at both Docker ports, and AWS security groups levels, and they want to enable it, well they are going to have a very hard time.

            batmat Baptiste Mathus made changes -
            Resolution Won't Do [ 10001 ]
            Status In Review [ 10005 ] Closed [ 6 ]
            batmat Baptiste Mathus made changes -
            Labels essentials essentials evergreen
            batmat Baptiste Mathus made changes -
            Labels essentials evergreen evergreen

            People

              batmat Baptiste Mathus
              batmat Baptiste Mathus