
Build Forge Agent behavior

Build Forge Agent behavior. Yang Qian (Eric), qianyang@cn.ibm.com. Agenda: Agent behavior overview; Agent authentication; Linux/Unix authentication; Windows authentication; magic_login; ssl_client_auth_sufficient true


Presentation Transcript


  1. Build Forge Agent behavior Yang Qian (Eric) qianyang@cn.ibm.com

  2. Agenda
     • Agent behavior overview
     • Agent authentication
     • Linux/Unix authentication
     • Windows authentication
     • magic_login
     • ssl_client_auth_sufficient true
     • using buildforge login overriding server authentication
     • Agent collecting job information
     • Windows (pipe/process)
     • Linux/Unix (fork process)
     • FAQ

  3. Agent behavior overview
     1. Usually runs as a service
     2. Receives the commands
     3. Interprets and understands the command tags
     4. Executes the commands and returns the results

  4. Agent behavior overview Cont
     1. Usually runs as a service
     2. Receives the commands
     3. Interprets and understands the command tags
     4. Executes the commands and returns the results

  5. Agent behavior overview Cont
     • Test agent service
       1. Test from the local machine (to make sure the agent service is working well)
       2. Test from a remote machine (to make sure that no network filter limits the agent connection)
     • On the command line, execute the following commands:
         telnet localhost 5555   (this port is the agent listening port by default)
         username <user name>
         password <password>
         cmd ping
         go

  6. Agenda
     • Agent behavior overview
     • Agent authentication
     • Linux/Unix authentication
     • Windows authentication
     • magic_login
     • ssl_client_auth_sufficient true
     • using buildforge login overriding server authentication
     • Agent collecting job information
     • Windows (pipe/process)
     • Linux/Unix (fork process)
     • FAQ

  7. Agent authentication -- Linux/Unix
     1. By default, bfagent uses the PAM settings to log in. During agent installation, the PAM settings are copied from or added to /etc/pam.d according to the platform. For example, on Linux:
          cp /etc/pam.d/sshd /etc/pam.d/bfagent
        or
          cp /etc/pam.d/login /etc/pam.d/bfagent
     2. Because bfagent uses the PAM settings to log in, check the PAM settings as well whenever there is a login issue.
     FYI:
       http://www.linux-pam.org/
       http://www.sun.com/software/solaris/pam/
       http://www.feep.net/PAM/AIX/
       http://publib.boulder.ibm.com/infocenter/pseries/v5r3/index.jsp?topic=/com.ibm.aix.security/doc/security/pam_lam.htm

  8. Agent authentication-- Linux/Unix Cont

  9. Agent authentication-- Linux/Unix Cont(RHEL example)

  10. Agent authentication -- Windows
      Uses the Windows API to log on with a local Windows account or a Windows domain account. The agent runs with administrator privileges and a different user supplies authentication credentials.
      Basic process: authenticate the user, then load the profile, impersonate the logged-on user to execute the job, and unload the profile.
      Specific process:
        LogonUserW(…)
        LoadUserProfile(..) (whether local profile or roaming profile)
        CreateEnvironmentBlock(…)
        ImpersonateLoggedOnUser(…)
        Setenv for this user
        …. (execute the commands)
        UnloadUserProfile(…)

  11. Agent authentication– Windows Cont

  12. Agent authentication – magic_login
      The magic_login setting is an alternative to standard system authentication. With this setting, the system can authenticate your login with a single user name and password.
      Note: The agent runs all commands using the permissions of the user who started the agent, not the user name used to log in when using magic_login.

  13. Agent authentication – magic_login vs. OS user/password login
      Advantages
        a. More unified server authentication (a single user and password to authenticate)
        b. The agent is started as a non-root or non-administrative user, which meets the security requirements of some companies
        c. The agent can work on UNIX systems that do not work with PAM
      Disadvantages
        a. The Build Forge job runs as only one user, which loses some functions, such as step 1 running its commands as user1 and step 2 running its commands as user2
        b. To enable magic_login, you need to update the file bfagent.conf

  14. Agent authentication – ssl_client_auth_sufficient true
      When bfagent communicates with the console with SSL enabled, enabling ssl_client_auth_sufficient true in bfagent.conf allows the server to be connected without server authentication.

  15. Agent authentication – using buildforge login overriding server authentication
      Function: Force the server to use your Management Console login credentials instead of the server authentication assigned to the server.
      How to:
        a. With an environment that contains _USE_BFCREDS=1, the system uses the console login credentials of the user who started the project to run the step's command.
        b. On Windows, consider setting the variable _USE_BFCREDS_DOMAIN as well. Setting this variable to a value of 1 includes the user's domain.

  16. Agenda
      • Agent behavior overview
      • Agent authentication
      • Linux/Unix authentication
      • Windows authentication
      • magic_login
      • ssl_client_auth_sufficient true
      • using buildforge login overriding server authentication
      • Agent collecting job information
      • Windows (pipe/process)
      • Linux/Unix (fork process)
      • FAQ

  17. Agent job executing – timeout
      The step timeout does not mean the step's running time. It means how many minutes the system waits for the current command to produce output (default is 5 minutes). A value of 0 means that the step does not time out if the step properly connects to the agent. If the timeout value is reached, the system fails the step.

  18. Agent job executing – Windows
      1. Store all the commands in a temp file
      2. Create a process to execute the command: CMD.EXE /Q /C c:\xxxx\bfxxin.cmd
      3. Create a pipe associated with the process that executes the command
      4. Read the output from the pipe
      5. Send the execution output to the console
      • 4/12/2012 2:59:37 PM [ 6068] agent.c : 433: invoking implementation for [exec]
      • 4/12/2012 2:59:37 PM [ 6068] agent.c : 306: ClobberPasswords
      • 4/12/2012 2:59:37 PM [ 6068] exec.c : 217: EXEC external / preparse
      • 4/12/2012 2:59:37 PM [ 6068] platform.c :1683: platform_spawn: Initializing...
      • 4/12/2012 2:59:37 PM [ 6068] platform.c :1698: Creating job
      • 4/12/2012 2:59:37 PM [ 6068] platform.c :1713: Initializing I/O pipe
      • 4/12/2012 2:59:37 PM [ 6068] platform.c :1753: Using dead pipe for STDIN
      • 4/12/2012 2:59:37 PM [ 6068] platform.c :1789: cygwin=0 shell=[CMD.EXE /Q /C %s]
      • 4/12/2012 2:59:37 PM [ 6068] platform.c :2283: CONVERT -> console[936]
      • 4/12/2012 2:59:37 PM [ 6068] platform.c :2293: CONVERT <- console[936]
      • 4/12/2012 2:59:37 PM [ 6068] platform.c :1374: AUTH grant_auth_user_access path=[C:\Users\IBM_AD~1\AppData\Local\Temp\bfFD5B2B9CA9DA5E498BF5D4E396E49931.cmd]

  19. Agent job executing – Linux/Unix
      1. bfagent creates a pipe, then forks a child process
      2. The child process sets the environment (setenv), changes (chdir) to the execution directory, and execs the command
      3. The parent process times the timeout, monitors the child process, and reads from the pipe connected to the child process

  20. Agent job executing – Linux/Unix Cont
      • Tue May 8 18:19:44 2012 [ 9178] agent.c : 653: tag: tag
      • Tue May 8 18:19:44 2012 [ 9178] agent.c : 653: tag: dir
      • Tue May 8 18:19:44 2012 [ 9178] agent.c : 653: tag: timeout
      • Tue May 8 18:19:44 2012 [ 9178] agent.c : 653: tag: username
      • Tue May 8 18:19:44 2012 [ 9178] bfcryptloader.c : 531: Password decoded.
      • Tue May 8 18:19:44 2012 [ 9178] agent.c : 540: tag: lang
      • Tue May 8 18:19:44 2012 [ 9178] agent.c : 546: tag: go
      • Tue May 8 18:19:44 2012 [ 9178] agent.c : 471: agent_process_request
      • Tue May 8 18:19:44 2012 [ 9178] agent.c : 340: agent_process_command cmd=[exec]
      • Tue May 8 18:19:44 2012 [ 9178] agent.c : 181: agent_authenticate
      • Tue May 8 18:19:44 2012 [ 9178] agent.c : 219: AUTH normal
      • Tue May 8 18:19:44 2012 [ 9178] pam.c : 89: AUTH using PAM
      • Tue May 8 18:19:44 2012 [ 9178] agent.c : 380: AUTH ok
      • Tue May 8 18:19:44 2012 [ 9178] platform.c : 181: ICONV ok [ANSI_X3.4-1968]
      • Tue May 8 18:19:44 2012 [ 9178] platform.c :2029: LOCALE ok [] -> [C]
      • Tue May 8 18:19:44 2012 [ 9178] platform.c : 181: ICONV ok [ANSI_X3.4-1968]
      • Tue May 8 18:19:44 2012 [ 9178] platform.c :2023: LOCALE ok [C]
      • Tue May 8 18:19:44 2012 [ 9178] agent.c : 390: ENV processed
      • Tue May 8 18:19:44 2012 [ 9178] agent.c : 410: PTY allocating
      • Tue May 8 18:19:44 2012 [ 9178] agent.c : 433: invoking implementation for [exec]
      • Tue May 8 18:19:44 2012 [ 9178] agent.c : 306: ClobberPasswords
      • Tue May 8 18:19:44 2012 [ 9178] exec.c : 217: EXEC external / preparse
      • Tue May 8 18:19:44 2012 [ 9179] platform.c :2002: LOCALE using [C]
      • Tue May 8 18:19:44 2012 [ 9178] exec.c : 272: EXEC ok
      • Tue May 8 18:19:44 2012 [ 9178] agent.c : 306: ClobberPasswords
      • Tue May 8 18:19:44 2012 [ 9178] agent.c : 443: PTY release
      • Tue May 8 18:19:44 2012 [ 9178] agent.c : 731: cleanup
      • Tue May 8 18:19:44 2012 [ 9178] main.c : 527: --- EXITING ---

  21. Agenda
      • Agent behavior overview
      • Agent authentication
      • Linux/Unix authentication
      • Windows authentication
      • magic_login
      • ssl_client_auth_sufficient true
      • using buildforge login overriding server authentication
      • Agent collecting job information
      • Windows (pipe/process)
      • Linux/Unix (fork process)
      • FAQ

  22. Agent FAQ
      1. User mode agent (only for Windows): an agent installed as User Mode allows a user to interact with applications launched by a project.
      2. Enable bfagent.log to track the agent running state

  23. Agent FAQ Cont
      3. Commands in a step after a Windows batch command are not run
      4. Job does not process any step commands after an ANT build command
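Slides 17 and 19 describe the Linux/Unix execution path: a pipe, a forked child that does setenv, chdir and exec, and a parent that reads the pipe while timing how long the command stays silent. The C program below is an added example of that pattern and is not Build Forge source code; `run_step`, `STEP_TIMED_OUT`, the `EXAMPLE_STEP` variable, the millisecond unit and killing the child's process group on timeout are all assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
/* Added illustration, not Build Forge source; run_step and STEP_TIMED_OUT are hypothetical. */
#include <errno.h>
#include <poll.h>
#include <signal.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>
#define STEP_TIMED_OUT (-2)
/* Run cmd via /bin/sh in dir, copying its output into out (NUL-terminated).
   idle_ms = longest allowed silence on the pipe, 0 = never time out.
   Returns the exit code, STEP_TIMED_OUT, or -1 on error or death by signal. */
int run_step(const char *cmd, const char *dir, int idle_ms, char *out, size_t outsz)
{
    int fds[2], status = 0, timed_out = 0;
    size_t used = 0;
    if (outsz == 0 || pipe(fds) < 0) return -1;
    out[0] = '\0';
    pid_t pid = fork();
    if (pid < 0) { close(fds[0]); close(fds[1]); return -1; }
    if (pid == 0) {                        /* child: setenv, chdir, exec */
        setpgid(0, 0);                     /* own process group */
        dup2(fds[1], STDOUT_FILENO); dup2(fds[1], STDERR_FILENO);
        close(fds[0]); close(fds[1]);
        setenv("EXAMPLE_STEP", "1", 1);    /* constructed variable */
        if (chdir(dir) == 0) execl("/bin/sh", "sh", "-c", cmd, (char *)NULL);
        _exit(127);                        /* chdir or exec failed */
    }
    setpgid(pid, pid); close(fds[1]);      /* parent: same pgid call, read end only */
    struct pollfd pfd = { .fd = fds[0], .events = POLLIN };
    for (;;) {                             /* every poll() restarts the silence clock */
        int n = poll(&pfd, 1, idle_ms > 0 ? idle_ms : -1);
        if (n < 0 && errno == EINTR) continue;
        if (n <= 0) { timed_out = (n == 0); kill(-pid, SIGKILL); break; }
        char buf[256]; ssize_t r = read(fds[0], buf, sizeof buf);
        if (r <= 0) break;                 /* EOF: all writers have exited */
        size_t room = outsz - 1 - used, c = (size_t)r < room ? (size_t)r : room;
        memcpy(out + used, buf, c);        /* when full, keep draining but drop bytes */
        out[used += c] = '\0';
    }
    close(fds[0]);
    if (waitpid(pid, &status, 0) < 0) return -1;
    return timed_out ? STEP_TIMED_OUT : WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}
int main(void) {   /* stand-alone run: exits 0 when the step succeeds */
    char out[64];
    return run_step("echo a; sleep 1; echo b", "/", 1500, out, sizeof out);
}
```

Because the clock restarts on every read, a command that runs longer than the limit still succeeds as long as it keeps producing output, which is the distinction slide 17 draws between the timeout and the step's running time.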
