Run all jobs on slaves
A possible configuration for Jenkins is to run all jobs through JNLP slaves. These can be hosted on the same machine as the master or on different machines. The benefit is that the slaves can be run as different users and so cannot overwrite configuration files.
Creating a JNLP slave
mkdir /srv/jenkins-slaves
adduser --home /srv/jenkins-slaves/jslave jslave
Download http://localhost:21337/jnlpJars/slave.jar to /srv/jenkins-slaves
Then as shown on the slave start page:
cd /srv/jenkins-slaves/jslave
java -jar slave.jar -jnlpUrl http://localhost:21337/computer/jnlp/slave-agent.jnlp \
-secret 96742108603d1c4f19a7fe52133f7410d75a7287f9686d9e97276e3c1eae10d7
This can then be run under runit.
Add the following to /etc/sv/jslave/run
#!/bin/sh
set -e
exec 2>&1
export LANG=en_GB.UTF8
export LANGUAGE=en_GB:en
export LC_ALL=en_GB.UTF8
export HOME=/srv/jenkins-slaves/jslave
cd /srv/jenkins-slaves/jslave
# Secret and url copied from http://localhost:8081/computer/Runner/
chpst -u jslave \
java -jar slave.jar -jnlpUrl http://localhost:8081/computer/Runner/slave-agent.jnlp \
-secret 96742108603d1c4f19a7fe52133f7410d75a7287f9686d9e97276e3c1eae10d7
Add the following to /etc/sv/jslave/log/run
#!/bin/bash
set -e
exec svlogd /var/log/jslave
Then add a symlink into /etc/service and start the service:
ln -s /etc/sv/jslave /etc/service/
/usr/bin/sv start /etc/service/jslave
Now jobs can be configured through the Jenkins interface to run only on the slave runner.
You can extend this to many different slaves, each running a different class of job.
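The separation described above only holds if the file permissions back it up: the run script embeds the agent secret, and the master's files must not be writable by other accounts. The following check script is an added example, not part of the original page; the function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: permission checks for the runit-managed agent set up above.
# Assumes GNU stat and find (a Linux host with coreutils and findutils).

# Succeeds when FILE embeds a "-secret" argument AND is readable by group or
# other, i.e. an account other than the owner could read the agent secret.
run_file_leaks_secret() {
    grep -q -- '-secret' "$1" || return 1
    mode=$(stat -c '%a' "$1")
    # 044 = group-read | other-read; the leading 0 makes the shell parse octal.
    [ $(( 0$mode & 044 )) -ne 0 ]
}

# Prints every entry under DIR that "other" may write to. A slave account that
# neither owns these nor shares their group could still overwrite them.
other_writable_under() {
    find "$1" ! -type l -perm -002 -print
}

# audit RUN_FILE MASTER_HOME: one line per check, returns the number of failures.
audit() {
    fails=0
    if run_file_leaks_secret "$1"; then
        echo "FAIL: $1 holds the agent secret and is group/other readable"
        fails=$((fails + 1))
    else
        echo "ok:   $1"
    fi
    hits=$(other_writable_under "$2")
    if [ -n "$hits" ]; then
        echo "FAIL: writable by any local user:"
        echo "$hits"
        fails=$((fails + 1))
    else
        echo "ok:   $2"
    fi
    return "$fails"
}

# Constructed sample tree standing in for /etc/sv/jslave/run and the master's home.
demo=$(mktemp -d)
mkdir "$demo/master"
printf 'java -jar slave.jar -secret PLACEHOLDER\n' > "$demo/run"
touch "$demo/master/config.xml"
chmod 755 "$demo/run" "$demo/master"; chmod 666 "$demo/master/config.xml"
audit "$demo/run" "$demo/master" || echo "failed checks: $?"
chmod 700 "$demo/run"; chmod 644 "$demo/master/config.xml"
audit "$demo/run" "$demo/master" && echo "all checks passed"
rm -rf "$demo"
```

On the real host the arguments would be /etc/sv/jslave/run and the master's home directory. The run script drops to jslave with chpst, so it starts as root and still works when only root can read it.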