Jenkins Lesson 3 – Jenkins Architecture | Dataplexa

Jenkins Course

I. Jenkins Fundamentals
1. What is Jenkins 2. Why Jenkins is Used 3. Jenkins Architecture 4. Master and Agent Model 5. Jenkins Installation Overview 6. Initial Setup and UI 7. Jenkins Jobs Overview 8. Freestyle Jobs 9. Build Lifecycle 10. Beginner Best Practices
II. Jenkins Pipelines
11. What is Jenkins Pipeline 12. Declarative vs Scripted 13. Jenkinsfile Introduction 14. Pipeline Syntax 15. Stages and Steps 16. Environment Variables 17. Job Parameters 18. Credentials Management 19. Pipeline Triggers 20. Pipeline Notifications 21. Pipeline with Git 22. Pipeline with Docker 23. Pipeline with Kubernetes 24. Handling Pipeline Failures 25. Pipeline Best Practices
III. Security, Plugins & Scaling
26. Plugins Overview 27. Plugin Management 28. Jenkins Security Model 29. Users, Roles and Permissions 30. Securing Credentials 31. Backup and Restore 32. Logging and Monitoring 33. Performance Tuning 34. Distributed Builds 35. Scaling Jenkins
IV. Advanced Jenkins & Real-World
36. Jenkins as Code 37. Configuration as Code 38. Jenkins in Cloud Environments 39. Jenkins on Kubernetes 40. Jenkins and Infrastructure as Code 41. Jenkins for Microservices 42. Migration Strategies 43. Troubleshooting 44. Jenkins Anti-Patterns 45. Mini Project
Section I · Lesson 3

Jenkins Architecture

Before you install a single thing, you need to understand how Jenkins is built — because the architecture decides everything: how it scales, where it breaks, and why distributed builds exist in the first place.

Most beginners think of Jenkins as one program running on one server. That's true when you first install it. But the reason Jenkins has powered CI/CD at companies with hundreds of developers is that it was designed from the start to be split across multiple machines. Understanding that design — even before you touch a terminal — will save you a lot of confusion later.

The Airport Analogy

Think of a major airport. There's an air traffic control tower — it doesn't fly any planes. It tracks every flight, issues instructions, decides who lands and who waits, and makes sure nothing collides. The actual flying is done by the planes themselves, each with its own crew, fuel, and cargo.

Jenkins works exactly the same way. The Jenkins Master is the control tower — it receives instructions, schedules work, and tracks results. The Jenkins Agents are the planes — they do the actual work of running tests, compiling code, and deploying applications. The master never runs a build itself. It just directs traffic.

Key Concept

The Master schedules and coordinates. The Agents execute. They can be on the same machine when you're starting out, or spread across dozens of servers when you're at scale. The architecture supports both.

The Three Core Components

Every Jenkins installation — from a single laptop to a 50-node enterprise cluster — is made of the same three building blocks:

1. The Master (also called the Controller). This is the brain. It runs the Jenkins web interface you see in the browser, stores all configuration, manages the job queue, and decides which agent runs which job. It does not run build commands itself — best practice is to keep it lean and let agents do the heavy lifting.

2. Agents (also called Nodes or Workers). These are the machines that actually run your build steps — compiling code, running tests, building Docker images. An agent can be a physical server, a virtual machine, a Docker container, or a Kubernetes pod. You can have one or many. Each agent connects back to the master and says "I'm ready for work."

3. The Workspace. Every time an agent runs a job, Jenkins creates a workspace — a dedicated folder on that agent's disk where the code is checked out and all build files are created. When the build finishes, the workspace stays there (until cleaned up) so you can inspect what happened.

How It All Fits Together

Here's the architecture as a diagram. This is what's happening under the hood every time a build runs:

Jenkins Master
Web UI · Job Queue · Config
Your browser connects here
Port 8080
Agent 1
Linux · Runs tests
Workspace
/jenkins/jobs/...
Agent 2
Windows · Runs builds
Workspace
/jenkins/jobs/...
Agent 3
Docker container
Workspace
/jenkins/jobs/...

The Master assigns jobs to available agents. Each agent creates its own workspace. Builds run in parallel across agents.

What Lives Where

It helps to know exactly what files and data Jenkins stores, and where. When something breaks, this is the map you use to find the problem:

Location
What's stored there
/var/lib/jenkins/
The JENKINS_HOME — everything lives here: jobs, configs, plugins, build history
/var/lib/jenkins/jobs/
One subfolder per job — config.xml, build logs, workspace
/var/lib/jenkins/plugins/
Every installed plugin lives here as a .jpi file
/var/log/jenkins/
Jenkins system logs — the first place to check when something goes wrong

How Jenkins Communicates With Agents

The master and agents need to talk to each other to coordinate work. Jenkins uses two main methods to make that connection:

SSH (most common). The master connects to the agent over SSH — the same secure protocol you'd use to log into a remote server. The master pushes a small Java program called the agent.jar to the agent machine, and that program handles all communication back.

JNLP / WebSocket (inbound). The agent reaches out to the master instead. This is useful when the agent is behind a firewall or in a cloud environment where the master can't directly SSH in. The agent starts up, connects to the master's URL, and waits for work.

Security Note

The master should never run build jobs directly in production. If a malicious build script runs on the master, it has access to all your Jenkins credentials, all your job configurations, and your entire JENKINS_HOME. Always route build work through agents — even if the agent is on the same physical machine as the master.

The Build Flow, Step by Step

Here's exactly what happens the moment a build is triggered — from the first event to the final result being logged:

1
Trigger fires

A developer pushes code, a timer fires, or someone clicks Build Now. The master receives the event.

2
Job enters the queue

The master adds the job to its build queue. If an agent is free, it runs immediately. If all agents are busy, it waits.

3
Agent is assigned

The master picks an available agent that matches the job's requirements and tells it to start working.

4
Workspace is created, code checked out

The agent creates a workspace folder and pulls the latest code from the repository.

5
Build steps execute

Tests run, the app compiles, Docker images build — whatever the job defines. Console output streams back to the master in real time.

6
Result is recorded

The master logs SUCCESS or FAILURE, stores the console output, and triggers any post-build actions like sending a Slack notification.

Now let's see this architecture in action. The first thing any engineer does when checking a Jenkins server is look at what nodes (agents) are connected and whether they're online. Here's how you do that from the command line.

The scenario:

You've just joined a platform team at a mid-sized SaaS company. It's your first week. Your lead tells you Jenkins has three agents configured but one of them has been throwing errors since yesterday. You need to check which agents are online, which are offline, and report back. This command gives you that picture in seconds.

Tools used in this command:

  • java — Java is the programming language Jenkins itself is built on. You need Java installed to run Jenkins and to use the Jenkins CLI tool.
  • jenkins-cli.jar — A small program provided by Jenkins that lets you control Jenkins from the terminal instead of clicking through the browser. You download it once from your Jenkins server.
  • get-node — A Jenkins CLI command that fetches details about a specific agent (node) registered with the master.
# List all nodes (agents) registered with this Jenkins master
# 'get-node' with no node name listed returns info on all nodes
java -jar jenkins-cli.jar \
  -s http://jenkins-master-01:8080 \
  -auth admin:your-api-token \
  get-node

Where to practice this: You need a running Jenkins server to use the CLI. The easiest free option for beginners is Katacoda Jenkins Playground — it gives you a live Jenkins instance in your browser with no installation needed. Alternatively, Instruqt Jenkins labs are another solid free option. Once you have a live server, download the CLI jar from http://YOUR-JENKINS-URL/jnlpJars/jenkins-cli.jar and you can run every command in this course.

<slave>
  <name>agent-linux-01</name>
  <description>Primary Linux build agent</description>
  <numExecutors>4</numExecutors>
  <mode>NORMAL</mode>
  <retentionStrategy class="hudson.slaves.RetentionStrategy$Always"/>
  <launcher class="hudson.plugins.sshslaves.SSHLauncher">
    <host>10.0.1.45</host>
    <port>22</port>
  </launcher>
  <label>linux docker</label>
  <offline>false</offline>
</slave>

What just happened?

  • The output is XML — Jenkins stores all its configuration as XML files internally. When you query an agent via the CLI, it returns that agent's raw config file. Don't be put off by the angle brackets — just read the field names.
  • <name> — this is the agent's identifier inside Jenkins. Jobs use this name (or its label) to request a specific machine.
  • <numExecutors>4</numExecutors> — this agent can run 4 jobs simultaneously. If you only have 1 executor, only 1 build runs at a time on this machine. More executors = more parallel builds.
  • <label>linux docker</label> — labels are how the master matches jobs to agents. A job that says "run on a machine with the label docker" will be routed to this agent automatically.
  • <offline>false</offline> — this is the key field you'd check first. false means the agent is online and ready. true means it's down. This is the answer to your lead's question.
  • The SSH launcher block — tells you the master connects to this agent via SSH at IP 10.0.1.45 on port 22. If this agent goes offline, this is where you'd start debugging the connection.

Teacher's Note

The word "node" and "agent" mean the same thing in Jenkins. Older docs say node. Newer docs say agent. You'll see both — don't let it trip you up.

Practice Questions

1. What is the Jenkins component that schedules jobs and manages the build queue called?



2. What is the dedicated folder created on an agent for each build called?



3. What do you assign to an agent so that specific jobs can be routed to it automatically?



Quiz

1. What is the correct description of how the Jenkins master and agents divide responsibility?


2. Where does Jenkins store all its configuration, jobs, plugins, and build history by default on Linux?


3. In the agent XML output, what does <offline>false</offline> tell you?


Up Next · Lesson 4

Master and Agent Model

You've seen the architecture on paper — now let's go deep on how masters and agents actually connect, communicate, and scale.

← Previous Course Index Next →