how to disable slave windows service auto update
Coenen, Wim
Hello jenkins users,
I just upgraded our Jenkins master from 2.52 to 2.164.2, and ran into a problem with the slave auto-update feature.
We run some Jenkins nodes as windows services on windows machines with highly restrictive security software that checks all binaries against a whitelist. Because of this, we cannot use the auto-update feature. Any new jenkins-slave.exe that appears, will get blocked immediately. This is exactly what happened after I upgraded our master. I tried to sign the exe to mark it as trusted, which allows me to start the Jenkins service once, but then the signed version just automatically gets replaced by the unsigned one again.
I found some relevant documentation here:
https://github.com/jenkinsci/windows-slave-installer-module/blob/master/README.md
That documentation states that the org.jenkinsci.modules.windows_slave_installer.disableAutoUpdate
system property can be set to "true" to disable this behavior. I tried to do that by editing the jenkins-slave.xml and inserting -Dorg.jenkinsci.modules.windows_slave_installer.disableAutoUpdate="true"
at the start of the arguments passed to java.exe. However, this does not seem to have any effect. The jenkins-slave.exe *still* gets replaced when the service is first started.
Some other things I tried, with the same result:
- putting the same -D option in a JAVA_TOOL_OPTIONS environment variable
- putting the same -D option in the windows service configuration, so that it gets passed to jenkins-slave.exe
- commenting out the "download" element in Jenkins-slave.xml
- making read-only or denying write access on jenkins-slave.exe (but the jenkins agent runs as admin and just seems to override these things)
How can I actually disable these automatic updates?
Thanks in advance,
Wim Coenen