Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-37069

Permission denied on durable task directory when using docker.image.inside step on fresh install of jenkins

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Major Major
    • docker-workflow-plugin

      [Maybe related to issues JENKINS-28821, JENKINS-33632 and JENKINS-36842]

      Hello,

      I am trying to stablish a new CI environment with jobs running on docker but I am running into permission issues. I tried to create a minimal reproducible scenario without slave machines.

      Looking at some of the related issues, I wonder whether I was supposed to configure permissions or group membership for the jenkins user on the container (instead of just using the image as is), but I assume that is not the case.

      Starting on a clean Centos 7 vm, I installed jenkins 2.7.1 and docker, and then added the jenkins user to the docker group (ansible playbook follows). Then I only installed "Pipeline" and "CloudBees Docker Pipeline" plugins and its dependencies. Everything is updated as of today. Then I created a single pipeline job:

      node {
   docker.image('centos:7').inside {
      sh 'pwd'
   }
}

      This job fails with permission issues:

      Started by user admin
[Pipeline] node
Running on master in /var/lib/jenkins/workspace/container-test
[Pipeline] {
[Pipeline] sh
[container-test] Running shell script
+ docker inspect -f . centos:7
.
[Pipeline] withDockerContainer
$ docker run -t -d -u 992:989 -w /var/lib/jenkins/workspace/container-test -v /var/lib/jenkins/workspace/container-test:/var/lib/jenkins/workspace/container-test:rw -v /var/lib/jenkins/workspace/container-test@tmp:/var/lib/jenkins/workspace/container-test@tmp:rw -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** centos:7 cat
[Pipeline] {
[container-test] Running shell script
[Pipeline] sh
sh: /var/lib/jenkins/workspace/container-test@tmp/durable-890dccc6/pid: Permission denied
sh: /var/lib/jenkins/workspace/container-test@tmp/durable-890dccc6/jenkins-log.txt: Permission denied
sh: /var/lib/jenkins/workspace/container-test@tmp/durable-890dccc6/jenkins-result.txt: Permission denied
[Pipeline] }
$ docker stop c71c65555ff53a1bd87db33a9d240c6eb4ae14d9c61a0a0a348c7f72f82b7a50
$ docker rm -f c71c65555ff53a1bd87db33a9d240c6eb4ae14d9c61a0a0a348c7f72f82b7a50
[Pipeline] // withDockerContainer
[Pipeline] }
[Pipeline] // node
[Pipeline] End of Pipeline
ERROR: script returned exit code -2
Finished: FAILURE

      Tools were installed using the following ansible recipe:

      ---
- hosts: jenkins-minimal

  tasks:
  - yum: name={{ item }} state=installed
    with_items:
      - libselinux-python
      - dejavu-sans-fonts
      - fontconfig
      - java-1.8.0-openjdk-headless
      - docker

  - yum_repository:
      name: jenkins
      description: 'Jenkins-stable'
      baseurl: http://pkg.jenkins.io/redhat-stable
      gpgkey: http://pkg.jenkins.io/redhat-stable/jenkins.io.key

  - yum: name=jenkins state=installed

  - group: name=docker
  - user: name=jenkins groups=docker

  - firewalld: port=8080/tcp state=enabled permanent=true immediate=yes

  - service: name={{ item }} state=started enabled=yes
    with_items:
      - jenkins
      - docker

            Unassigned Unassigned
            seuvitor Vitor Dantas
            Votes:
            1 Vote for this issue
            Watchers:
            9 Start watching this issue

              Created:
              Updated: