# Jenkins NPM Proxy - Quick Reference
**Date**: 2026-02-09
**Status**: ✅ Firewall configured, NPM stream setup required
## Current Configuration
### Infrastructure
- **NPM Server**: 192.168.200.71 (Nginx Proxy Manager)
- **Jenkins Server**: 192.168.200.91 (dlx-sonar)
- **Proxy Port**: 2222 (NPM → Jenkins:22)
### What's Done
- ✅ Jenkins SSH key created: `/var/lib/jenkins/.ssh/id_rsa`
- ✅ Public key added to Jenkins server: `~/.ssh/authorized_keys`
- ✅ NPM firewall configured: Port 2222 open
- ✅ Host vars updated: `host_vars/npm.yml`
- ✅ Documentation created
### What's Remaining
- ⏳ NPM stream configuration (requires NPM Web UI)
- ⏳ Jenkins agent configuration update
- ⏳ Testing and verification
## Quick Commands
### Test SSH Through NPM
```bash
# After configuring NPM stream
ssh -p 2222 dlxadmin@192.168.200.71
```
### Test as Jenkins User
```bash
# StrictHostKeyChecking=no skips host key verification; keep it to this one-off test
ansible jenkins -m shell -a "sudo -u jenkins ssh -p 2222 -o StrictHostKeyChecking=no -i /var/lib/jenkins/.ssh/id_rsa dlxadmin@192.168.200.71 hostname" -b
```
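The test above uses `StrictHostKeyChecking=no`. As an added example (not part of this repository), the script below compares the host keys seen through the NPM stream with those of the Jenkins server and prints `known_hosts` lines to pin; the function names and the sample key blobs are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: check that NPM:2222 presents the backend's SSH host keys,
# then emit known_hosts lines so the key is pinned rather than left unchecked.

# Reduce ssh-keyscan output to sorted "keytype key" pairs (host column dropped).
hostkeys() {
  awk '!/^#/ && NF >= 3 { print $2, $3 }' | sort -u
}

# Succeed only if both scans are non-empty and contain the same key set.
same_hostkeys() {   # $1 = direct scan, $2 = scan through the proxy
  local direct proxied
  direct=$(printf '%s\n' "$1" | hostkeys)
  proxied=$(printf '%s\n' "$2" | hostkeys)
  [ -n "$direct" ] && [ "$direct" = "$proxied" ]
}

# Emit known_hosts entries under the "[host]:port" name used for non-default ports.
pin_lines() {       # $1 = scan output, $2 = proxy host, $3 = proxy port
  printf '%s\n' "$1" | hostkeys | awk -v h="[$2]:$3" '{ print h, $1, $2 }'
}

# Live check (needs network, not run here). Take the direct scan from a trusted path.
verify_proxy() {    # $1 = backend host, $2 = proxy host, $3 = proxy port
  local direct proxied
  direct=$(ssh-keyscan -T 5 -p 22 "$1" 2>/dev/null) || true
  proxied=$(ssh-keyscan -T 5 -p "$3" "$2" 2>/dev/null) || true
  if same_hostkeys "$direct" "$proxied"; then
    pin_lines "$proxied" "$2" "$3"
  else
    echo "host keys differ or a scan failed; not pinning" >&2
    return 1
  fi
}

# Constructed sample scans; the key blobs are placeholders, not real keys.
SAMPLE_DIRECT='192.168.200.91 ssh-ed25519 AAAAC3CONSTRUCTEDSAMPLEKEY1
192.168.200.91 ssh-rsa AAAAB3CONSTRUCTEDSAMPLEKEY2'
SAMPLE_PROXIED='# 192.168.200.71:2222 SSH-2.0-OpenSSH_sample
[192.168.200.71]:2222 ssh-rsa AAAAB3CONSTRUCTEDSAMPLEKEY2
[192.168.200.71]:2222 ssh-ed25519 AAAAC3CONSTRUCTEDSAMPLEKEY1'
SAMPLE_OTHER='[192.168.200.71]:2222 ssh-ed25519 AAAAC3CONSTRUCTEDOTHERHOSTKEY'

if same_hostkeys "$SAMPLE_DIRECT" "$SAMPLE_PROXIED"; then
  pin_lines "$SAMPLE_PROXIED" 192.168.200.71 2222
fi
same_hostkeys "$SAMPLE_DIRECT" "$SAMPLE_OTHER" || echo "mismatch detected: stream points at a different host"
```

Run `verify_proxy 192.168.200.91 192.168.200.71 2222` while port 22 on the Jenkins server is still reachable directly, and append its output to the `known_hosts` file of the account that connects through the proxy.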
### Check NPM Firewall
```bash
ansible npm -m shell -a "ufw status | grep 2222" -b
```
### View Jenkins SSH Key
```bash
# Public key
ansible jenkins -m shell -a "cat /var/lib/jenkins/.ssh/id_rsa.pub" -b
# Private key (for Jenkins credential)
ansible jenkins -m shell -a "cat /var/lib/jenkins/.ssh/id_rsa" -b
```
## NPM Stream Configuration
**Required Settings**:
- Incoming Port: `2222`
- Forwarding Host: `192.168.200.91`
- Forwarding Port: `22`
- TCP Forwarding: `Enabled`
- UDP Forwarding: `Disabled`
**Access NPM UI**:
- URL: http://192.168.200.71:81
- Default: admin@example.com / changeme
- Go to: **Streams** → **Add Stream**
## Jenkins Agent Configuration
**Update in Jenkins UI** (http://192.168.200.91:8080):
- Path: **Manage Jenkins** → **Manage Nodes and Clouds** → Select agent → **Configure**
- Change **Host**: `192.168.200.71` (NPM server)
- Change **Port**: `2222`
- Keep **Credentials**: `dlx-key`
## Troubleshooting
### Cannot connect to NPM:2222
```bash
# Check firewall
ansible npm -m shell -a "ufw status | grep 2222" -b
# Check if stream is configured
# Login to NPM UI and verify stream exists and is enabled
```
### Authentication fails
```bash
# Verify public key is authorized
ansible jenkins -m shell -a "grep jenkins /home/dlxadmin/.ssh/authorized_keys" -b
```
### Connection timeout
```bash
# Check NPM can reach Jenkins
ansible npm -m shell -a "nc -zv 192.168.200.91 22" -b
```
## Files
- **Documentation**: `docs/NPM-SSH-PROXY-FOR-JENKINS.md`
- **Quick Reference**: `docs/JENKINS-NPM-PROXY-QUICK-REFERENCE.md`
- **Setup Instructions**: `/tmp/npm-stream-setup.txt`
- **NPM Host Vars**: `host_vars/npm.yml`
- **Jenkins Host Vars**: `host_vars/jenkins.yml`
- **Playbook**: `playbooks/configure-npm-ssh-proxy.yml`
## Architecture Diagram
```
Before:
  Jenkins Agent → Router:22 → Jenkins:22

After (with NPM proxy):
  Jenkins Agent → NPM:2222 → Jenkins:22
                  - Centralized logging
                  - Access control
                  - SSL/TLS support
```
## Benefits
- **Security**: Centralized access point through NPM
- **Logging**: All SSH connections logged by NPM
- **Flexibility**: Easy to add more agents on different ports
- **SSL Support**: Can add SSL/TLS for encrypted tunneling
- **Monitoring**: NPM provides connection statistics
## Next Steps After Setup
1. ✅ Complete NPM stream configuration
2. ✅ Update Jenkins agent settings
3. ✅ Test connection
4. ⏳ Update router port forwarding (if external access needed)
5. ⏳ Restrict Jenkins SSH to NPM only (optional security hardening)
6. ⏳ Set up monitoring/alerts for connection failures
## Advanced: Restrict SSH to NPM Only
For additional security, restrict Jenkins SSH to accept connections only from NPM:
```bash
# Allow SSH only from NPM
ansible jenkins -m community.general.ufw -a "rule=allow from=192.168.200.71 to=any port=22 proto=tcp" -b
# Remove the general SSH rule (if you want strict restriction); the ufw module deletes a rule with delete=true
# ansible jenkins -m community.general.ufw -a "rule=allow port=22 proto=tcp delete=true" -b
```
⚠️ **Warning**: Only do this after confirming NPM proxy works, or you might lock yourself out!