HOWTO: Provision an On-Prem Operations Runner

Purpose: Deploy a Jenkins agent on the on-prem management network and validate it can execute HybridOps module runs as pipeline steps.

Difficulty: Intermediate

Track: Contract-Driven Automation

---

Overview

On-prem operations runners give CI/CD pipelines direct access to platform resources without routing through the public internet. They are the execution boundary that separates automation running inside the site from automation running in cloud-hosted CI. This HOWTO covers the provisioning and validation of the on-prem Jenkins agent.

---

1. Module Overview

• Module ID: infra/onprem/ops-runner.
• Registers the agent with the Jenkins controller on the control node.
• Agent VM provisioned in management VLAN.

2. Module Inputs

• Agent VM IP (IPAM-allocated).
• Jenkins controller URL and registration credential reference.
• HybridOps CLI version and Python environment requirements.
• Agent label set for pipeline targeting.

3. Provisioning the Agent

• Module execution and step-by-step output.
• Jenkins agent registration confirmation.
• HybridOps CLI and Ansible installation on the agent.

4. Credential Injection

• Vault AppRole credential wiring on the agent.
• SSH key deployment for managed hosts.
• NetBox API token injection.

5. Validation

• Test pipeline: execute a --preflight-only module run from Jenkins.
• Confirm run record is written to <runtime-root>/logs/ on the agent.
• Agent label visible in Jenkins controller UI.

---

References

• HOWTO: Provision Control Node
• HOWTO: Run HyOps Preflight
• HOWTO: Provision GCP Ops Runner

---

License: MIT-0 for code, CC-BY-4.0 for documentation unless otherwise stated.