Jenkins Slave 403 although Anonymous Slave connect has been enabled
Nothing like an answer 1.5 years later but I just ran across this!
The way I handled this is with the Role-Based Strategy plugin.
Summary
The basics are:
- Add and enable the Role-Based Strategy plugin
- Create a global group swarmclient
- Grant the swarmclient group the slave privileges only
- I currently allow the Anonymous group to be in the swarmclient group.
- In the future I will probably deny swarmclient privileges for the Anonymous group and will instead create accounts in the swarmclient group.
Details
In Manage Jenkins > Configure Global Security > Authorization, enable Role-Based strategy.
In Manage Jenkins > Manage Roles > Manage and Define Roles I added "swarmclient" to the global roles. Give this group Create permissions in the slave section of the global settings:
In newer versions of Jenkins the term "Slave" is replaced by "Agents"
Then in Manage Jenkins > Manage Roles > Assign Roles you add the Anonymous group to the swarmclient group:
And finally, as mentioned above, if you want some restrictions on the machines that can connect as a swarm client, just:
- create user(s) for the swarm
- add them to the swarmclient group
- remove swarmclient permissions (on the Assign Roles) page from the Anonymous group.