Comments (21)
You need to make sure the user id (not the name jenkins
) of the container has permissions in the host /data/jenkins dir.
Run ps -fea
in the host and you should see the jenkins process and what user it runs under. Or use docker run
with -u
and a user that has permissions in that dir
from docker.
i just run:
docker run -d --name jenkins -p 8080:8080 192.168.1.175:5000/hwangjr/jenkins
ps -fea | grep jenkins
then get:
[root@localhost ~]# ps -fea | grep jenkins
1000 13233 5494 99 11:06 ? 00:00:08 java -jar /usr/share/jenkins/jenkins.war
root 13297 13160 0 11:06 pts/0 00:00:00 grep --color=auto jenkins
from docker.
i think the user id is right: 1000, and i set the permission:
chown -R 1000:1000 /data/jenkins
# or chmod -R 777 /data/jenkins
But, it does not work~~
from docker.
so the user 1000 needs permissions in /data/jenkins
can you run su 1000 -c "mkdir /data/jenkins/init.groovy.d"
?
from docker.
i run the command in the host:
[root@localhost ~]# su 1000 -c "mkdir /data/jenkins/init.groovy.d"
su: user 1000 does not exist
Maybe i should add a user whitch user id is 1000?
from docker.
I've been trying to run this on google container engine for hours with no luck. Using kubectl logs POD, I see the same error. I don't see how I can get the volume to mount like this, any clues?
Here is what I added:
"protocol": "TCP"
}
],
+ "volumeMounts": [
+ {
+ "name": "jenkins-persistent-storage",
+ "mountPath": "/var/jenkins_home"
+ }
+ ],
"imagePullPolicy": "IfNotPresent"
}
],
+ "volumes": [
+ {
+ "name": "jenkins-persistent-storage",
+ "gcePersistentDisk": {
+ "pdName": "jenkins-disk",
+ "fsType": "ext4"
+ }
+ }
+ ],
"restartPolicy": "Always",
"dnsPolicy": "ClusterFirst"
}
from docker.
@hwangjr yes, you need the dir to be owned by the same user the container is running as
@frankcarey same thing, you need to take care of permissions of the volumes, see kubernetes/kubernetes#2630
from docker.
I encountered the same issue, after I set the folder (on host machine) to
777, then it worked.
On Tue, 16 Jun 2015 at 16:07 Carlos Sanchez [email protected]
wrote:
@hwangjr https://github.com/hwangjr yes, you need the dir to be owned
by the same user the container is running as
@frankcarey https://github.com/frankcarey same thing, you need to take
care of permissions of the volumes, see
kubernetes/kubernetes#2630
kubernetes/kubernetes#2630—
Reply to this email directly or view it on GitHub
#111 (comment).
from docker.
@jiakuan Do u have a user id 1000? under /etc/passwd file~
from docker.
No, I don't have user id.
On Tue, 16 Jun 2015 at 16:13 BlueMint [email protected] wrote:
@jiakuan https://github.com/jiakuan Do u have a user id 1000? under
/etc/passwd file~—
Reply to this email directly or view it on GitHub
#111 (comment).
from docker.
@jiakuan This is wired.. can u run:
su 1000 -c "mkdir /data/jenkins/init.groovy.d"
from docker.
FROM jenkins
if we want to do something via root
USER root
RUN mkdir /data/jenkins/init.groovy.d # other commands such as chmod
can be put here
USER jenkins # drop back to the regular jenkins user - good practice
Perhaps you can do something like this in your Dockerfile?
On Tue, Jun 16, 2015 at 8:44 PM, BlueMint [email protected] wrote:
@jiakuan https://github.com/jiakuan This is wired.. can u run:
su 1000 -c "mkdir /data/jenkins/init.groovy.d"
—
Reply to this email directly or view it on GitHub
#111 (comment).
from docker.
@jiakuan This is fine, but if jenkins do not have the permission to create files, then when we run jenkins use user jenkins, it would also have the permission problem like this~
from docker.
@jiakuan yeah, your suggestion is what I'm thinking.. Seems like it would make sense for the default Dockerfile to do that. @carlossg what's the reason to not run jenkins as root in the container? ( I just read kubernetes/kubernetes#2630)
from docker.
The Dockerfile can't create anything in a volume dir (jenkins home), it gets lost. That's why plugins and other files are copied at runtime.
from docker.
@carlossg so, i have to create a user and the user id should be 1000, then i chown the folder R/W/X permission?
from docker.
The easiest way is to add 777 permissions to the host dir where the volume is mapped, that way you see what host user is creating the files, and then adjust accordingly
from docker.
@carlossg In fact, i have try to add the permission 777, and i got this error too~~ This make me a little confused..
from docker.
If the permissions are setup correctly and you're still encountering this issue, check your SELinux configuration:
http://stackoverflow.com/questions/24288616/permission-denied-on-accessing-host-directory-in-docker
from docker.
@theotherwhitemeat Thanks, i will try it later~~
from docker.
Hi All,
I have similar problem. While creating a Jenkins deployment in GKE, It is not loading my groovy scripts in /var/jenkins_home/init.groovy.d files other than "tcp-slave-agent-port.groovy" file. Groovy script loaded to image while building my custom image from the official one. This is happening if I am attaching persistent storage. If I am running the deployment without volume attachment, everything will works fine. Anyone can help me please?m
Docker file:
FROM jenkins
MAINTAINER Bujail
# Install plugins
COPY plugins.txt /usr/share/jenkins/plugins
RUN /usr/local/bin/install-plugins.sh $(cat /usr/share/jenkins/plugins | tr '\n' ' ')
# Setup Security with User
COPY security.groovy /var/jenkins_home/init.groovy.d/security.groovy
# Disabling setup wizard
ENV JAVA_OPTS="-Djenkins.install.runSetupWizard=false -Djenkins.CLI.disabled=true"
Groovy Script:
#!groovy
import jenkins.model.*
import hudson.security.*
import jenkins.security.s2m.AdminWhitelistRule
def instance = Jenkins.getInstance()
println "--> creating local user 'admin'"
def hudsonRealm = new HudsonPrivateSecurityRealm(false)
hudsonRealm.createAccount('admin','admin@123')
instance.setSecurityRealm(hudsonRealm)
def strategy = new
hudson.security.FullControlOnceLoggedInAuthorizationStrategy()
strategy.setAllowAnonymousRead(false)
instance.setAuthorizationStrategy(strategy)
println "--> Enable Agent → Master Access Control"
Jenkins.instance.getInjector().getInstance(AdminWhitelistRule.class)
.setMasterKillSwitch(false);
instance.save()
Plugins file:
maven-plugin:2.15.1
bitbucket:1.1.5
artifactory:2.10.3
sonar:2.6.1
kubernetes:0.11
Kubernetes Deployment file:
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: jenkins
namespace: immediate
spec:
replicas: 1
template:
metadata:
labels:
app: master
spec:
containers:
- name: master
image: bujail/private:jenkins
ports:
- containerPort: 8080
- containerPort: 50000
readinessProbe:
httpGet:
path: /login
port: 8080
periodSeconds: 10
timeoutSeconds: 5
successThreshold: 2
failureThreshold: 5
volumeMounts:
- name: jenkins-home
mountPath: /var/jenkins_home
resources:
limits:
cpu: 500m
memory: 1500Mi
requests:
cpu: 500m
memory: 1500Mi
securityContext:
fsGroup: 1000
seLinuxOptions:
level: "s0:c123,c456"
imagePullSecrets:
- name: docker-buju
volumes:
- name: jenkins-home
persistentVolumeClaim:
claimName: jenkins
StorageClass:
apiVersion: storage.k8s.io/v1beta1
kind: StorageClass
metadata:
name: jenkins
namespace: immediate
provisioner: kubernetes.io/gce-pd
parameters:
type: pd-ssd
zone: asia-east1-c
PV Claim:
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: jenkins
namespace: immediate
annotations:
pv.beta.kubernetes.io/gid: "1000"
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 10Gi
storageClassName: jenkins
Kubernetes version 1.6
Jenkins Version: 2.46.2
from docker.
Related Issues (20)
- apt-get update fails with signatures couldn't be verified because the public key is not available HOT 6
- windowsservercore-2019 image not updated HOT 5
- Ship production build of Java 21 from Eclipse Temurin HOT 3
- Upgrade curl to >=8.4.0 to fix CVE-2023-38545 HOT 3
- CVE-2023-38039, CVE-2023-38408, CVE-2023-38039, CVE-2023-38039, CVE-2023-44487 HOT 4
- Unexpected loss of more precise labels in favor of less precise labels HOT 13
- The directory separator used in the Windows build script is dependent on the OS
- latest with jdk17 & almalinux HOT 2
- Update Docker Hub description with JDK17 images instead of JDK11 HOT 2
- Set JDK17 as the default JDK for Windows image
- Publish a Windows image for each supported Java version HOT 2
- `windowsservercore-2019` images use `windowsservercore-1809` as base image HOT 2
- Windows - There should be a set of weekly and LTS short tags not including Jenkins version in their names HOT 4
- After Jenkins docks with ldap, the first login the next day will display a password error. The second login will be successful, and submitting the pipeline using Jenkins' API will fail. Jenkins logs indicate that the connection to ldap has timed out
- JenkinsProject
- `jenkins-plugin-cli` reports `War not found, installing all plugins: /usr/share/java/jenkins.war` HOT 5
- CVE-2024-23897 still exists in latest LTS version jenkins/jenkins:2.440.1-lts-jdk11 HOT 2
- The repository 'https://packagecloud.io/github/git-lfs/debian bookworm InRelease' is not signed. HOT 1
- CVE-2024-22201 still appears in jenkins/jenkins:2.444-jdk11 image HOT 2
- pipeline-input-step:2.8 Test cases run failed (Server Issue) HOT 10
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from docker.