PAGE
Slaves Access Tutorial
Any ‘slave’ virtual machine created on https://ci.inria.fr/ (or https://ci-cloud.inria.fr) is accessible by ssh bouncing through the SSH gateway ci-ssh.inria.fr. This page explains how to connect through SSH to a virtual machine.
Once connected, you will be able to perform any administration tas (like installing the packages you need to build your software).
Note: some packages (JDK, Ant and Maven especially) can be automatically installed by Jenkins. You may prefer not to install them manually.
Prerequisites
Register your SSH public key
The SSH gateway ci-ssh.inria.fr only allows authentication by public key.
You first need to create an SSH key pair, in case you do not already have one. Once it is created you can register it in your user account.
Upload your SSH Key to the portal
To upload your SSH key the CI portal click on your email on the upper right then My account:
-
log in with your account on the web portal
-
click on the button displaying your e-mail (on the top-right of the page) and select My Account
-
paste your public key into the the text area Add an SSH Key and click on Add this key
-
verify in a command line that you can connect to the SSH gateway:
ssh <User Id>@ci-ssh.inria.fr # Enter your SSH key passphrase # You should be logged to ci-ssh.inria.fr
(where User Id is the Uid from My Account page)
Identify your user name
The user name you must use to open a session on the SSH gateway can be found on the My account page of the CI portal, it displayed in the Uid field.
Identify your virtual machine
A virtual machine can be reached either using its IP address or using its hostname:
You can obtain the the IP address or hostname of your slave:
-
in the Web Portal: they are displayed in the Slaves tab of your project
-
in the Cloudstack interface: in the instances tab
VM host names follow the pattern: project_name-slave_name. If the project name is my_project and the slave name is s1, the resulting hostname will be my_project-s1.
Virtual machines default password
In order to be able to connect to your newly added VM, default passwords for all slaves from the featured templates are:
- Linux
- user: root password: password (except for Ubuntu 16.04 , where the root account is disabled for security reason)
- user: ci password: ci - root access can be granted using sudo (password: ci)
- OSx
- user: ci password: ci - root access can be granted using sudo (password: ci)
- Windows
- user: ci password: ci - the user ci is administrator
Remark: For security reasons, it is advised to change the default root and ci users passwords, even if the VM are not directly accesible through the net, as they are behind the SSH gateway. It is the role of the administrator of your CI project to change these passwords and to share them.
Linux/MacOS users
Connecting to a Linux/MacOSX/Windows 10 slave through SSH
Basics
To connect a Linux (or any Unix) slave:
- ssh to ci-ssh.inria.fr with your user name using one of SSH keys registered in the portal
- once you are logged in ci-ssh.inria, ssh to your virtual machine using the root or ci account with the correct password.
Example:
$ ssh
mdam001
@ci-ssh.inria.fr
Last login: Thu Jul 19 18:24:20 2012 from 194.199.1.234
-sh-4.1$ ssh root@
my_project-s1
root@my_project-s1's
password
:
Configure a ssh proxy command
Connecting manually to the SSH gateway before accessing to your slave is
quite inconvenient. You can automate this by adding a proxy command into
your ~/.ssh/config
file:
Host *.ci
ProxyCommand ssh
username
@ci-ssh.inria.fr "/usr/bin/nc -w 1 `basename %h .ci` %p"
Now the previous command becomes:
$ ssh root@
my_project-s1
.ci
root@my_project-s1.ci's
password
:
Connecting to a MacOSX slave (graphical way)
It is possible to connect to MacOSX slaves using VNC. You could use this solution if the Cloudstack console does not work.
- On the slave
Start the vnc service on your slave with kickstart
, connecting by ssh
:
ssh ci@*slave_name*.ci
sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart \
-activate -configure -access -on -clientopts \
-setvnclegacy -vnclegacy yes -clientopts -setvncpw -vncpw mypasswd \
-restart -agent -privs -all
-
On the client
- create an SSH tunnel to the slave’s port 5900 with the following command:
ssh -L 9999:
*slave_name*
:5900
*username*
@ci-ssh.inria.fr
- launch a vnc client
- from OS X: on Finder, hit Command+K, enter
vnc://localhost:9999
and click ‘Connect’ - from another OS:
- use https://www.realvnc.com/download/viewer/
vncviewer localhost:9999
- other alternatives are gvncviewer, TigerVNC, …
- use https://www.realvnc.com/download/viewer/
- from OS X: on Finder, hit Command+K, enter
Connecting to a Windows slave
Windows slaves: RDP access through a SSH tunnel
If you want to connect to a windows slave using Remote Desktop, you have to create a SSH tunnel with the following command:
ssh -L 3389:
slave_name
:3389
username
@ci-ssh.inria.fr
For example for a windows whose name is my_project-s1:
$ ssh -L 3389:my_project-s1:3389 mdam001@ci-ssh.inria.fr
You can then connect to localhost using the Remote Desktop client in a new command window (rdesktop uses the default 3389 port that will be redirected by the SSH tunnel).
rdesktop localhost
The windows login page invites you to enter your login and password.
On Windows 10, you can face the following error message :
ERROR: CredSSP: Initialize failed, do you have correct kerberos tgt initialized ?
You will have to fix the
CredSSP.
We advise to allow insecure connections without NLA (network-level
authentication).
Note for Ubuntu users: Remmina remote desktop client is installed by default. We recommend to use rdesktop instead.
Note for MacOS X users: the rdesktop client is not well supported on MacOS X. We recommend to use the CoRD remote desktop client instead.
Some useful rdesktop options:
- if rdesktop client opens too small or too big windows, you can fix it with the option:
# Open a window with a size of 90% of your screen setup - useless on dual screen
rdesktop -g 90% localhost
# or
# Open a window with a specific size
rdesktop -g 1920x1536 localhost
- if rdesktop client keyboard layout is not correct:
# For a french keyboard - can be combined with -g option
rdesktop -k fr localhost
Windows slaves: web-based RDP access through CloudStack
If you have trouble setting up a SSH tunnel for native RDP traffic, you may connect to a Windows slave using CloudStack’s web-based client.
To do so, log in on CloudStack (e.g. through the link on your CI project page), go to the ‘instances’ tab, select your Windows slave and click on the ‘shell’ icon. This will start a RDP session.
Windows slaves: SSH on Windows slaves
You will have to install sshd on the Windows slave. You have two solutions, depending if you want a Unix environment or not.
Installing a Unix environment and a sshd daemon
You can install MSYS2
(https://sourceforge.net/p/msys2/wiki/MSYS2%20introduction/) and follow
the instructions to install SSH server sshd
running with cygrunsrvd
are here : https://gist.github.com/samhocevar/00eec26d9e9988d080ac.
Do not forget to create /etc/passwd
file before running the
installation script.
This solution is the robustest, but the environment of ssh connection is Unix.
Installing a Windows daemon based on OpenSSH
You can install OpenSSH for Windows, which is in beta development by Microsoft.
The instructions to install Win32 OpenSSH are here : https://github.com/PowerShell/Win32-OpenSSH/wiki/Install-Win32-OpenSSH
Windows users
For Windows users, if you are not familiar with SSH configuration/connection, please refer to Putty and its documentation.
Connecting to a Linux slave
To connect directly to the previous virtual machine, you need to use the local proxy feature of Putty. To do so, go to the Connection > Proxy tab of the connection configuration, select Local as proxy type, put ci-ssh.inria.fr as proxy hostname and use the following local proxy command:
plink.exe %proxyhost -l
username
-agent -nc %host:%port\n
Then go to the Session panel, type in the host name and Open. Of course, for all that to work, you need to have correctly set up your key-pair authentication. Then you will have to authenticate on the virtual machine as user ‘root’ or ‘ci’ with the correct password.
Connecting to a Windows slave (graphical way)
If you want to connect to a windows slave using Remote Desktop, you have to create a SSH tunnel with the following command on a console:
plink.exe -L 3380:
slave_name
:3389
username
@ci-ssh.inria.fr
The local port 3380 is used in order to avoid problem with the local service. For example for a windows whose name is my_project-s1:
plink.exe -L 3380:my_project-s1:3389 mdam001@ci-ssh.inria.fr
You can then connect to localhost:3380 using the Remote Desktop client.
The windows login page invites you to enter your login and password.
On Windows 10, you can face the following error message :
FATAL ERROR: Remote side unexpectedly closed network connection
You will have to fix the
CredSSP.
We advise to allow insecure connections without NLA (network-level
authentication).
Next step
You have now completed the second step of the tutorial! You can proceed to final step of the tutorial.
This part will teach you the basics about Jenkins: creating new jobs and configuring them to run on the virtual machines you have just created.