You need to make sure the user id (not the name jenkins) of the container has permissions in the host /data/jenkins dir.
Run ps -fea in the host and you should see the jenkins process and what user it runs under. Or use docker run with -u and a user that has permissions in that dir

from docker.

i just run:

docker run -d --name jenkins -p 8080:8080  192.168.1.175:5000/hwangjr/jenkins
ps -fea | grep jenkins

then get:

[root@localhost ~]# ps -fea | grep jenkins
1000      13233   5494 99 11:06 ?        00:00:08 java -jar /usr/share/jenkins/jenkins.war
root      13297  13160  0 11:06 pts/0    00:00:00 grep --color=auto jenkins

from docker.

i think the user id is right: 1000, and i set the permission:

chown -R 1000:1000 /data/jenkins
# or chmod -R 777 /data/jenkins

But, it does not work~~

from docker.

so the user 1000 needs permissions in /data/jenkins

can you run su 1000 -c "mkdir /data/jenkins/init.groovy.d" ?

from docker.

i run the command in the host:

[root@localhost ~]# su 1000 -c "mkdir /data/jenkins/init.groovy.d"
su: user 1000 does not exist

Maybe i should add a user whitch user id is 1000?

from docker.

I've been trying to run this on google container engine for hours with no luck. Using kubectl logs POD, I see the same error. I don't see how I can get the volume to mount like this, any clues?

Here is what I added:

                 "protocol": "TCP"
               }
             ],
+            "volumeMounts": [
+              {
+                "name": "jenkins-persistent-storage",
+                "mountPath": "/var/jenkins_home"
+              }
+            ],
             "imagePullPolicy": "IfNotPresent"
           }
         ],
+        "volumes": [
+          {
+            "name": "jenkins-persistent-storage",
+            "gcePersistentDisk": {
+              "pdName": "jenkins-disk",
+              "fsType": "ext4"
+            }
+          }
+        ],
         "restartPolicy": "Always",
         "dnsPolicy": "ClusterFirst"
       }

from docker.

@hwangjr yes, you need the dir to be owned by the same user the container is running as
@frankcarey same thing, you need to take care of permissions of the volumes, see kubernetes/kubernetes#2630

from docker.

I encountered the same issue, after I set the folder (on host machine) to
777, then it worked.

On Tue, 16 Jun 2015 at 16:07 Carlos Sanchez [email protected]
wrote:

@hwangjr https://github.com/hwangjr yes, you need the dir to be owned
by the same user the container is running as
@frankcarey https://github.com/frankcarey same thing, you need to take
care of permissions of the volumes, see
kubernetes/kubernetes#2630
kubernetes/kubernetes#2630

—
Reply to this email directly or view it on GitHub
#111 (comment).

from docker.

@jiakuan Do u have a user id 1000? under /etc/passwd file~

from docker.

No, I don't have user id.

On Tue, 16 Jun 2015 at 16:13 BlueMint [email protected] wrote:

@jiakuan https://github.com/jiakuan Do u have a user id 1000? under
/etc/passwd file~

—
Reply to this email directly or view it on GitHub
#111 (comment).

from docker.

@jiakuan This is wired.. can u run:

su 1000 -c "mkdir /data/jenkins/init.groovy.d"

from docker.

FROM jenkins

if we want to do something via root

USER root
RUN mkdir /data/jenkins/init.groovy.d # other commands such as chmod
can be put here
USER jenkins # drop back to the regular jenkins user - good practice

Perhaps you can do something like this in your Dockerfile?

On Tue, Jun 16, 2015 at 8:44 PM, BlueMint [email protected] wrote:

@jiakuan https://github.com/jiakuan This is wired.. can u run:

su 1000 -c "mkdir /data/jenkins/init.groovy.d"

—
Reply to this email directly or view it on GitHub
#111 (comment).

from docker.

@jiakuan This is fine, but if jenkins do not have the permission to create files, then when we run jenkins use user jenkins, it would also have the permission problem like this~

from docker.

@jiakuan yeah, your suggestion is what I'm thinking.. Seems like it would make sense for the default Dockerfile to do that. @carlossg what's the reason to not run jenkins as root in the container? ( I just read kubernetes/kubernetes#2630)

from docker.

The Dockerfile can't create anything in a volume dir (jenkins home), it gets lost. That's why plugins and other files are copied at runtime.

from docker.

@carlossg so, i have to create a user and the user id should be 1000, then i chown the folder R/W/X permission?

from docker.

The easiest way is to add 777 permissions to the host dir where the volume is mapped, that way you see what host user is creating the files, and then adjust accordingly

from docker.

@carlossg In fact, i have try to add the permission 777, and i got this error too~~ This make me a little confused..

from docker.

If the permissions are setup correctly and you're still encountering this issue, check your SELinux configuration:
http://stackoverflow.com/questions/24288616/permission-denied-on-accessing-host-directory-in-docker

from docker.

@theotherwhitemeat Thanks, i will try it later~~

from docker.

Hi All,
I have similar problem. While creating a Jenkins deployment in GKE, It is not loading my groovy scripts in /var/jenkins_home/init.groovy.d files other than "tcp-slave-agent-port.groovy" file. Groovy script loaded to image while building my custom image from the official one. This is happening if I am attaching persistent storage. If I am running the deployment without volume attachment, everything will works fine. Anyone can help me please?m
Docker file:

FROM jenkins
MAINTAINER Bujail
# Install plugins
COPY plugins.txt /usr/share/jenkins/plugins
RUN /usr/local/bin/install-plugins.sh $(cat /usr/share/jenkins/plugins | tr '\n' ' ')
# Setup Security with User
COPY security.groovy /var/jenkins_home/init.groovy.d/security.groovy
# Disabling setup wizard
ENV JAVA_OPTS="-Djenkins.install.runSetupWizard=false -Djenkins.CLI.disabled=true"

Groovy Script:

#!groovy

import jenkins.model.*
import hudson.security.*
import jenkins.security.s2m.AdminWhitelistRule

def instance = Jenkins.getInstance()

println "--> creating local user 'admin'"

def hudsonRealm = new HudsonPrivateSecurityRealm(false)
hudsonRealm.createAccount('admin','admin@123')
instance.setSecurityRealm(hudsonRealm)

def strategy = new
hudson.security.FullControlOnceLoggedInAuthorizationStrategy()
strategy.setAllowAnonymousRead(false)
instance.setAuthorizationStrategy(strategy)

println "--> Enable Agent → Master Access Control"
Jenkins.instance.getInjector().getInstance(AdminWhitelistRule.class)
.setMasterKillSwitch(false);
instance.save()

Plugins file:

maven-plugin:2.15.1
bitbucket:1.1.5
artifactory:2.10.3
sonar:2.6.1
kubernetes:0.11

Kubernetes Deployment file:

apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: jenkins
  namespace: immediate
spec:
  replicas: 1
  template:
    metadata:
      labels:
        app: master
    spec:
      containers:
      - name: master
        image: bujail/private:jenkins
        ports:
        - containerPort: 8080
        - containerPort: 50000
        readinessProbe:
          httpGet:
            path: /login
            port: 8080
          periodSeconds: 10
          timeoutSeconds: 5
          successThreshold: 2
          failureThreshold: 5
        volumeMounts:
        - name: jenkins-home
          mountPath: /var/jenkins_home
        resources:
          limits:
            cpu: 500m
            memory: 1500Mi
          requests:
            cpu: 500m
            memory: 1500Mi
      securityContext:
        fsGroup: 1000
        seLinuxOptions:
          level: "s0:c123,c456"         
      imagePullSecrets:
      - name: docker-buju
      volumes:
      - name: jenkins-home
        persistentVolumeClaim:
          claimName: jenkins

StorageClass:

apiVersion: storage.k8s.io/v1beta1
kind: StorageClass
metadata:
  name: jenkins
  namespace: immediate
provisioner: kubernetes.io/gce-pd
parameters:
  type: pd-ssd
  zone: asia-east1-c

PV Claim:

kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  name: jenkins
  namespace: immediate
  annotations:
    pv.beta.kubernetes.io/gid: "1000"
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 10Gi
  storageClassName: jenkins

Kubernetes version 1.6

Jenkins Version: 2.46.2

from docker.