Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-52455

Do not expose JNLP port 50000 for EC2 agents

    XMLWordPrintable

Details

    • Evergreen - Milestone 1

    Description

      The connection from agents to master actually goes through the SSH pipe, so we can, and must, for obvious security strenghtening reasons, remove that port exposition.

      Attachments

        Issue Links

          relates to

          Task - A task that needs to be done. JENKINS-52210 Write JEP about AWS auto-configuration

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Resolved
          links to

          Web Link PR

          Activity

            batmat Baptiste Mathus added a comment -

            Will finally not do.

            Copying what I put in https://github.com/jenkins-infra/evergreen/pull/131#issuecomment-404506891 after rtyler's good feedback:

            OK, going to close this finally:

            • the port is anyway currently *not* exposed/open from Jenkins
            • Leaving it available as is currently will make it available for Essentials users to enable a fixed port so that they can connect agents if they wish to. If we close it at both Docker ports, and AWS security groups levels, and they want to enable it, well they are going to have a very hard time.
            batmat Baptiste Mathus added a comment - Will finally not do. Copying what I put in https://github.com/jenkins-infra/evergreen/pull/131#issuecomment-404506891 after rtyler 's good feedback: OK, going to close this finally: the port is anyway currently * not * exposed/open from Jenkins Leaving it available as is currently will make it available for Essentials users to enable a fixed port so that they can connect agents if they wish to. If we close it at both Docker ports, and AWS security groups levels, and they want to enable it, well they are going to have a very hard time.

            People

              batmat Baptiste Mathus
              batmat Baptiste Mathus
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: