[JENKINS-37069] Permission denied on durable task directory when using docker.image.inside step on fresh install of jenkins

Type: Bug
Resolution: Unresolved
Priority: Major
Component/s: docker-workflow-plugin
Labels:
- 2.0
- pipeline
Environment:

Hide
centos 7
openjdk 1.8.0
jenkins 2.7.1
docker-commons 1.4.0
docker-workflow 1.7
durable-task 1.12
workflow-api 2.1
workflow-basic-steps 2.1
workflow-cps 2.10
workflow-durable-task-step 2.4
workflow-job 2.4
workflow-step-api 2.3
workflow-support 2.2

Show
centos 7 openjdk 1.8.0 jenkins 2.7.1 docker-commons 1.4.0 docker-workflow 1.7 durable-task 1.12 workflow-api 2.1 workflow-basic-steps 2.1 workflow-cps 2.10 workflow-durable-task-step 2.4 workflow-job 2.4 workflow-step-api 2.3 workflow-support 2.2

Similar Issues:
Powered by SuggestiMate

Show

[Maybe related to issues JENKINS-28821, JENKINS-33632 and JENKINS-36842]

Hello,

I am trying to stablish a new CI environment with jobs running on docker but I am running into permission issues. I tried to create a minimal reproducible scenario without slave machines.

Looking at some of the related issues, I wonder whether I was supposed to configure permissions or group membership for the jenkins user on the container (instead of just using the image as is), but I assume that is not the case.

Starting on a clean Centos 7 vm, I installed jenkins 2.7.1 and docker, and then added the jenkins user to the docker group (ansible playbook follows). Then I only installed "Pipeline" and "CloudBees Docker Pipeline" plugins and its dependencies. Everything is updated as of today. Then I created a single pipeline job:

node {
   docker.image('centos:7').inside {
      sh 'pwd'
   }
}

This job fails with permission issues:

Started by user admin
[Pipeline] node
Running on master in /var/lib/jenkins/workspace/container-test
[Pipeline] {
[Pipeline] sh
[container-test] Running shell script
+ docker inspect -f . centos:7
.
[Pipeline] withDockerContainer
$ docker run -t -d -u 992:989 -w /var/lib/jenkins/workspace/container-test -v /var/lib/jenkins/workspace/container-test:/var/lib/jenkins/workspace/container-test:rw -v /var/lib/jenkins/workspace/container-test@tmp:/var/lib/jenkins/workspace/container-test@tmp:rw -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** centos:7 cat
[Pipeline] {
[container-test] Running shell script
[Pipeline] sh
sh: /var/lib/jenkins/workspace/container-test@tmp/durable-890dccc6/pid: Permission denied
sh: /var/lib/jenkins/workspace/container-test@tmp/durable-890dccc6/jenkins-log.txt: Permission denied
sh: /var/lib/jenkins/workspace/container-test@tmp/durable-890dccc6/jenkins-result.txt: Permission denied
[Pipeline] }
$ docker stop c71c65555ff53a1bd87db33a9d240c6eb4ae14d9c61a0a0a348c7f72f82b7a50
$ docker rm -f c71c65555ff53a1bd87db33a9d240c6eb4ae14d9c61a0a0a348c7f72f82b7a50
[Pipeline] // withDockerContainer
[Pipeline] }
[Pipeline] // node
[Pipeline] End of Pipeline
ERROR: script returned exit code -2
Finished: FAILURE

Tools were installed using the following ansible recipe:

---
- hosts: jenkins-minimal

  tasks:
  - yum: name={{ item }} state=installed
    with_items:
      - libselinux-python
      - dejavu-sans-fonts
      - fontconfig
      - java-1.8.0-openjdk-headless
      - docker

  - yum_repository:
      name: jenkins
      description: 'Jenkins-stable'
      baseurl: http://pkg.jenkins.io/redhat-stable
      gpgkey: http://pkg.jenkins.io/redhat-stable/jenkins.io.key

  - yum: name=jenkins state=installed

  - group: name=docker
  - user: name=jenkins groups=docker

  - firewalld: port=8080/tcp state=enabled permanent=true immediate=yes

  - service: name={{ item }} state=started enabled=yes
    with_items:
      - jenkins
      - docker

Vitor Dantas created issue - 2016-07-29 19:32

Vitor Dantas made changes - 2016-07-29 19:34

Description

Original: [Maybe related to issues ~~JENKINS-28821~~, ~~JENKINS-33632~~ and JENKINS-36842]

Hello,

I am trying to stablish a new CI environment with jobs running on docker but I am running into permission issues. I tried to create a minimal reproducible scenario without slave machines.

Starting on a clean Centos 7 vm, I installed jenkins 2.7.1 and docker, and then added the jenkins user to the docker group (ansible playbook follows). Then I only installed "Pipeline" and "CloudBees Docker Pipeline" plugins and its dependencies. Everything is updated as of today. Then I created a single pipeline job:

{{
node {
   docker.image('centos:7').inside {
      sh 'pwd'
   }
}
}}

This job fails with permission issues:

{{
Started by user admin
[Pipeline] node
Running on master in /var/lib/jenkins/workspace/container-test
[Pipeline] {
[Pipeline] sh
[container-test] Running shell script
+ docker inspect -f . centos:7
.
[Pipeline] withDockerContainer
$ docker run -t -d -u 992:989 -w /var/lib/jenkins/workspace/container-test -v /var/lib/jenkins/workspace/container-test:/var/lib/jenkins/workspace/container-test:rw -v /var/lib/jenkins/workspace/container-test@tmp:/var/lib/jenkins/workspace/container-test@tmp:rw -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** centos:7 cat
[Pipeline] {
[container-test] Running shell script
[Pipeline] sh
sh: /var/lib/jenkins/workspace/container-test@tmp/durable-890dccc6/pid: Permission denied
sh: /var/lib/jenkins/workspace/container-test@tmp/durable-890dccc6/jenkins-log.txt: Permission denied
sh: /var/lib/jenkins/workspace/container-test@tmp/durable-890dccc6/jenkins-result.txt: Permission denied
[Pipeline] }
$ docker stop c71c65555ff53a1bd87db33a9d240c6eb4ae14d9c61a0a0a348c7f72f82b7a50
$ docker rm -f c71c65555ff53a1bd87db33a9d240c6eb4ae14d9c61a0a0a348c7f72f82b7a50
[Pipeline] // withDockerContainer
[Pipeline] }
[Pipeline] // node
[Pipeline] End of Pipeline
ERROR: script returned exit code -2
Finished: FAILURE
}}

Tools were installed using the following ansible recipe:
{{
---
- hosts: jenkins-minimal

  tasks:
  - yum: name={{ item }} state=installed
    with_items:
      - libselinux-python
      - dejavu-sans-fonts
      - fontconfig
      - java-1.8.0-openjdk-headless
      - docker

  - yum_repository:
      name: jenkins
      description: 'Jenkins-stable'
      baseurl: http://pkg.jenkins.io/redhat-stable
      gpgkey: http://pkg.jenkins.io/redhat-stable/jenkins.io.key

  - yum: name=jenkins state=installed

  - group: name=docker
  - user: name=jenkins groups=docker

  - firewalld: port=8080/tcp state=enabled permanent=true immediate=yes

  - service: name={{ item }} state=started enabled=yes
    with_items:
      - jenkins
      - docker
}}

New: [Maybe related to issues ~~JENKINS-28821~~, ~~JENKINS-33632~~ and JENKINS-36842]

Hello,

I am trying to stablish a new CI environment with jobs running on docker but I am running into permission issues. I tried to create a minimal reproducible scenario without slave machines.

Starting on a clean Centos 7 vm, I installed jenkins 2.7.1 and docker, and then added the jenkins user to the docker group (ansible playbook follows). Then I only installed "Pipeline" and "CloudBees Docker Pipeline" plugins and its dependencies. Everything is updated as of today. Then I created a single pipeline job:

{{node {
   docker.image('centos:7').inside {
      sh 'pwd'
   }
}
}}

This job fails with permission issues:

{{
Started by user admin
[Pipeline] node
Running on master in /var/lib/jenkins/workspace/container-test
[Pipeline] {
[Pipeline] sh
[container-test] Running shell script
+ docker inspect -f . centos:7
.
[Pipeline] withDockerContainer
$ docker run -t -d -u 992:989 -w /var/lib/jenkins/workspace/container-test -v /var/lib/jenkins/workspace/container-test:/var/lib/jenkins/workspace/container-test:rw -v /var/lib/jenkins/workspace/container-test@tmp:/var/lib/jenkins/workspace/container-test@tmp:rw -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** centos:7 cat
[Pipeline] {
[container-test] Running shell script
[Pipeline] sh
sh: /var/lib/jenkins/workspace/container-test@tmp/durable-890dccc6/pid: Permission denied
sh: /var/lib/jenkins/workspace/container-test@tmp/durable-890dccc6/jenkins-log.txt: Permission denied
sh: /var/lib/jenkins/workspace/container-test@tmp/durable-890dccc6/jenkins-result.txt: Permission denied
[Pipeline] }
$ docker stop c71c65555ff53a1bd87db33a9d240c6eb4ae14d9c61a0a0a348c7f72f82b7a50
$ docker rm -f c71c65555ff53a1bd87db33a9d240c6eb4ae14d9c61a0a0a348c7f72f82b7a50
[Pipeline] // withDockerContainer
[Pipeline] }
[Pipeline] // node
[Pipeline] End of Pipeline
ERROR: script returned exit code -2
Finished: FAILURE
}}

Tools were installed using the following ansible recipe:
{{
---
- hosts: jenkins-minimal

  tasks:
  - yum: name={{ item }} state=installed
    with_items:
      - libselinux-python
      - dejavu-sans-fonts
      - fontconfig
      - java-1.8.0-openjdk-headless
      - docker

  - yum_repository:
      name: jenkins
      description: 'Jenkins-stable'
      baseurl: http://pkg.jenkins.io/redhat-stable
      gpgkey: http://pkg.jenkins.io/redhat-stable/jenkins.io.key

  - yum: name=jenkins state=installed

  - group: name=docker
  - user: name=jenkins groups=docker

  - firewalld: port=8080/tcp state=enabled permanent=true immediate=yes

  - service: name={{ item }} state=started enabled=yes
    with_items:
      - jenkins
      - docker
}}

Vitor Dantas made changes - 2016-07-29 19:35

Description

Original: [Maybe related to issues ~~JENKINS-28821~~, ~~JENKINS-33632~~ and JENKINS-36842]

Hello,

I am trying to stablish a new CI environment with jobs running on docker but I am running into permission issues. I tried to create a minimal reproducible scenario without slave machines.

Starting on a clean Centos 7 vm, I installed jenkins 2.7.1 and docker, and then added the jenkins user to the docker group (ansible playbook follows). Then I only installed "Pipeline" and "CloudBees Docker Pipeline" plugins and its dependencies. Everything is updated as of today. Then I created a single pipeline job:

{{node {
   docker.image('centos:7').inside {
      sh 'pwd'
   }
}
}}

This job fails with permission issues:

{{
Started by user admin
[Pipeline] node
Running on master in /var/lib/jenkins/workspace/container-test
[Pipeline] {
[Pipeline] sh
[container-test] Running shell script
+ docker inspect -f . centos:7
.
[Pipeline] withDockerContainer
$ docker run -t -d -u 992:989 -w /var/lib/jenkins/workspace/container-test -v /var/lib/jenkins/workspace/container-test:/var/lib/jenkins/workspace/container-test:rw -v /var/lib/jenkins/workspace/container-test@tmp:/var/lib/jenkins/workspace/container-test@tmp:rw -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** centos:7 cat
[Pipeline] {
[container-test] Running shell script
[Pipeline] sh
sh: /var/lib/jenkins/workspace/container-test@tmp/durable-890dccc6/pid: Permission denied
sh: /var/lib/jenkins/workspace/container-test@tmp/durable-890dccc6/jenkins-log.txt: Permission denied
sh: /var/lib/jenkins/workspace/container-test@tmp/durable-890dccc6/jenkins-result.txt: Permission denied
[Pipeline] }
$ docker stop c71c65555ff53a1bd87db33a9d240c6eb4ae14d9c61a0a0a348c7f72f82b7a50
$ docker rm -f c71c65555ff53a1bd87db33a9d240c6eb4ae14d9c61a0a0a348c7f72f82b7a50
[Pipeline] // withDockerContainer
[Pipeline] }
[Pipeline] // node
[Pipeline] End of Pipeline
ERROR: script returned exit code -2
Finished: FAILURE
}}

Tools were installed using the following ansible recipe:
{{
---
- hosts: jenkins-minimal

  tasks:
  - yum: name={{ item }} state=installed
    with_items:
      - libselinux-python
      - dejavu-sans-fonts
      - fontconfig
      - java-1.8.0-openjdk-headless
      - docker

  - yum_repository:
      name: jenkins
      description: 'Jenkins-stable'
      baseurl: http://pkg.jenkins.io/redhat-stable
      gpgkey: http://pkg.jenkins.io/redhat-stable/jenkins.io.key

  - yum: name=jenkins state=installed

  - group: name=docker
  - user: name=jenkins groups=docker

  - firewalld: port=8080/tcp state=enabled permanent=true immediate=yes

  - service: name={{ item }} state=started enabled=yes
    with_items:
      - jenkins
      - docker
}}

New: [Maybe related to issues ~~JENKINS-28821~~, ~~JENKINS-33632~~ and JENKINS-36842]

Hello,

I am trying to stablish a new CI environment with jobs running on docker but I am running into permission issues. I tried to create a minimal reproducible scenario without slave machines.

Starting on a clean Centos 7 vm, I installed jenkins 2.7.1 and docker, and then added the jenkins user to the docker group (ansible playbook follows). Then I only installed "Pipeline" and "CloudBees Docker Pipeline" plugins and its dependencies. Everything is updated as of today. Then I created a single pipeline job:

{noformat}
node {
   docker.image('centos:7').inside {
      sh 'pwd'
   }
}
{noformat}

This job fails with permission issues:

{{
Started by user admin
[Pipeline] node
Running on master in /var/lib/jenkins/workspace/container-test
[Pipeline] {
[Pipeline] sh
[container-test] Running shell script
+ docker inspect -f . centos:7
.
[Pipeline] withDockerContainer
$ docker run -t -d -u 992:989 -w /var/lib/jenkins/workspace/container-test -v /var/lib/jenkins/workspace/container-test:/var/lib/jenkins/workspace/container-test:rw -v /var/lib/jenkins/workspace/container-test@tmp:/var/lib/jenkins/workspace/container-test@tmp:rw -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** centos:7 cat
[Pipeline] {
[container-test] Running shell script
[Pipeline] sh
sh: /var/lib/jenkins/workspace/container-test@tmp/durable-890dccc6/pid: Permission denied
sh: /var/lib/jenkins/workspace/container-test@tmp/durable-890dccc6/jenkins-log.txt: Permission denied
sh: /var/lib/jenkins/workspace/container-test@tmp/durable-890dccc6/jenkins-result.txt: Permission denied
[Pipeline] }
$ docker stop c71c65555ff53a1bd87db33a9d240c6eb4ae14d9c61a0a0a348c7f72f82b7a50
$ docker rm -f c71c65555ff53a1bd87db33a9d240c6eb4ae14d9c61a0a0a348c7f72f82b7a50
[Pipeline] // withDockerContainer
[Pipeline] }
[Pipeline] // node
[Pipeline] End of Pipeline
ERROR: script returned exit code -2
Finished: FAILURE
}}

Tools were installed using the following ansible recipe:
{{
---
- hosts: jenkins-minimal

  tasks:
  - yum: name={{ item }} state=installed
    with_items:
      - libselinux-python
      - dejavu-sans-fonts
      - fontconfig
      - java-1.8.0-openjdk-headless
      - docker

  - yum_repository:
      name: jenkins
      description: 'Jenkins-stable'
      baseurl: http://pkg.jenkins.io/redhat-stable
      gpgkey: http://pkg.jenkins.io/redhat-stable/jenkins.io.key

  - yum: name=jenkins state=installed

  - group: name=docker
  - user: name=jenkins groups=docker

  - firewalld: port=8080/tcp state=enabled permanent=true immediate=yes

  - service: name={{ item }} state=started enabled=yes
    with_items:
      - jenkins
      - docker
}}

Vitor Dantas made changes - 2016-07-29 19:35

Description

Original: [Maybe related to issues ~~JENKINS-28821~~, ~~JENKINS-33632~~ and JENKINS-36842]

Hello,

I am trying to stablish a new CI environment with jobs running on docker but I am running into permission issues. I tried to create a minimal reproducible scenario without slave machines.

Starting on a clean Centos 7 vm, I installed jenkins 2.7.1 and docker, and then added the jenkins user to the docker group (ansible playbook follows). Then I only installed "Pipeline" and "CloudBees Docker Pipeline" plugins and its dependencies. Everything is updated as of today. Then I created a single pipeline job:

{noformat}
node {
   docker.image('centos:7').inside {
      sh 'pwd'
   }
}
{noformat}

This job fails with permission issues:

{{
Started by user admin
[Pipeline] node
Running on master in /var/lib/jenkins/workspace/container-test
[Pipeline] {
[Pipeline] sh
[container-test] Running shell script
+ docker inspect -f . centos:7
.
[Pipeline] withDockerContainer
$ docker run -t -d -u 992:989 -w /var/lib/jenkins/workspace/container-test -v /var/lib/jenkins/workspace/container-test:/var/lib/jenkins/workspace/container-test:rw -v /var/lib/jenkins/workspace/container-test@tmp:/var/lib/jenkins/workspace/container-test@tmp:rw -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** centos:7 cat
[Pipeline] {
[container-test] Running shell script
[Pipeline] sh
sh: /var/lib/jenkins/workspace/container-test@tmp/durable-890dccc6/pid: Permission denied
sh: /var/lib/jenkins/workspace/container-test@tmp/durable-890dccc6/jenkins-log.txt: Permission denied
sh: /var/lib/jenkins/workspace/container-test@tmp/durable-890dccc6/jenkins-result.txt: Permission denied
[Pipeline] }
$ docker stop c71c65555ff53a1bd87db33a9d240c6eb4ae14d9c61a0a0a348c7f72f82b7a50
$ docker rm -f c71c65555ff53a1bd87db33a9d240c6eb4ae14d9c61a0a0a348c7f72f82b7a50
[Pipeline] // withDockerContainer
[Pipeline] }
[Pipeline] // node
[Pipeline] End of Pipeline
ERROR: script returned exit code -2
Finished: FAILURE
}}

Tools were installed using the following ansible recipe:
{{
---
- hosts: jenkins-minimal

  tasks:
  - yum: name={{ item }} state=installed
    with_items:
      - libselinux-python
      - dejavu-sans-fonts
      - fontconfig
      - java-1.8.0-openjdk-headless
      - docker

  - yum_repository:
      name: jenkins
      description: 'Jenkins-stable'
      baseurl: http://pkg.jenkins.io/redhat-stable
      gpgkey: http://pkg.jenkins.io/redhat-stable/jenkins.io.key

  - yum: name=jenkins state=installed

  - group: name=docker
  - user: name=jenkins groups=docker

  - firewalld: port=8080/tcp state=enabled permanent=true immediate=yes

  - service: name={{ item }} state=started enabled=yes
    with_items:
      - jenkins
      - docker
}}

New: [Maybe related to issues ~~JENKINS-28821~~, ~~JENKINS-33632~~ and JENKINS-36842]

Hello,

I am trying to stablish a new CI environment with jobs running on docker but I am running into permission issues. I tried to create a minimal reproducible scenario without slave machines.

Starting on a clean Centos 7 vm, I installed jenkins 2.7.1 and docker, and then added the jenkins user to the docker group (ansible playbook follows). Then I only installed "Pipeline" and "CloudBees Docker Pipeline" plugins and its dependencies. Everything is updated as of today. Then I created a single pipeline job:

{noformat}
node {
   docker.image('centos:7').inside {
      sh 'pwd'
   }
}
{noformat}

This job fails with permission issues:

{noformat}
Started by user admin
[Pipeline] node
Running on master in /var/lib/jenkins/workspace/container-test
[Pipeline] {
[Pipeline] sh
[container-test] Running shell script
+ docker inspect -f . centos:7
.
[Pipeline] withDockerContainer
$ docker run -t -d -u 992:989 -w /var/lib/jenkins/workspace/container-test -v /var/lib/jenkins/workspace/container-test:/var/lib/jenkins/workspace/container-test:rw -v /var/lib/jenkins/workspace/container-test@tmp:/var/lib/jenkins/workspace/container-test@tmp:rw -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** centos:7 cat
[Pipeline] {
[container-test] Running shell script
[Pipeline] sh
sh: /var/lib/jenkins/workspace/container-test@tmp/durable-890dccc6/pid: Permission denied
sh: /var/lib/jenkins/workspace/container-test@tmp/durable-890dccc6/jenkins-log.txt: Permission denied
sh: /var/lib/jenkins/workspace/container-test@tmp/durable-890dccc6/jenkins-result.txt: Permission denied
[Pipeline] }
$ docker stop c71c65555ff53a1bd87db33a9d240c6eb4ae14d9c61a0a0a348c7f72f82b7a50
$ docker rm -f c71c65555ff53a1bd87db33a9d240c6eb4ae14d9c61a0a0a348c7f72f82b7a50
[Pipeline] // withDockerContainer
[Pipeline] }
[Pipeline] // node
[Pipeline] End of Pipeline
ERROR: script returned exit code -2
Finished: FAILURE
{noformat}

Tools were installed using the following ansible recipe:
{noformat}
---
- hosts: jenkins-minimal

  tasks:
  - yum: name={{ item }} state=installed
    with_items:
      - libselinux-python
      - dejavu-sans-fonts
      - fontconfig
      - java-1.8.0-openjdk-headless
      - docker

  - yum_repository:
      name: jenkins
      description: 'Jenkins-stable'
      baseurl: http://pkg.jenkins.io/redhat-stable
      gpgkey: http://pkg.jenkins.io/redhat-stable/jenkins.io.key

  - yum: name=jenkins state=installed

  - group: name=docker
  - user: name=jenkins groups=docker

  - firewalld: port=8080/tcp state=enabled permanent=true immediate=yes

  - service: name={{ item }} state=started enabled=yes
    with_items:
      - jenkins
      - docker
{noformat}

Vitor Dantas made changes - 2016-07-29 19:41

Description

Original: [Maybe related to issues ~~JENKINS-28821~~, ~~JENKINS-33632~~ and JENKINS-36842]

Hello,

I am trying to stablish a new CI environment with jobs running on docker but I am running into permission issues. I tried to create a minimal reproducible scenario without slave machines.

Starting on a clean Centos 7 vm, I installed jenkins 2.7.1 and docker, and then added the jenkins user to the docker group (ansible playbook follows). Then I only installed "Pipeline" and "CloudBees Docker Pipeline" plugins and its dependencies. Everything is updated as of today. Then I created a single pipeline job:

{noformat}
node {
   docker.image('centos:7').inside {
      sh 'pwd'
   }
}
{noformat}

This job fails with permission issues:

{noformat}
Started by user admin
[Pipeline] node
Running on master in /var/lib/jenkins/workspace/container-test
[Pipeline] {
[Pipeline] sh
[container-test] Running shell script
+ docker inspect -f . centos:7
.
[Pipeline] withDockerContainer
$ docker run -t -d -u 992:989 -w /var/lib/jenkins/workspace/container-test -v /var/lib/jenkins/workspace/container-test:/var/lib/jenkins/workspace/container-test:rw -v /var/lib/jenkins/workspace/container-test@tmp:/var/lib/jenkins/workspace/container-test@tmp:rw -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** centos:7 cat
[Pipeline] {
[container-test] Running shell script
[Pipeline] sh
sh: /var/lib/jenkins/workspace/container-test@tmp/durable-890dccc6/pid: Permission denied
sh: /var/lib/jenkins/workspace/container-test@tmp/durable-890dccc6/jenkins-log.txt: Permission denied
sh: /var/lib/jenkins/workspace/container-test@tmp/durable-890dccc6/jenkins-result.txt: Permission denied
[Pipeline] }
$ docker stop c71c65555ff53a1bd87db33a9d240c6eb4ae14d9c61a0a0a348c7f72f82b7a50
$ docker rm -f c71c65555ff53a1bd87db33a9d240c6eb4ae14d9c61a0a0a348c7f72f82b7a50
[Pipeline] // withDockerContainer
[Pipeline] }
[Pipeline] // node
[Pipeline] End of Pipeline
ERROR: script returned exit code -2
Finished: FAILURE
{noformat}

Tools were installed using the following ansible recipe:
{noformat}
---
- hosts: jenkins-minimal

  tasks:
  - yum: name={{ item }} state=installed
    with_items:
      - libselinux-python
      - dejavu-sans-fonts
      - fontconfig
      - java-1.8.0-openjdk-headless
      - docker

  - yum_repository:
      name: jenkins
      description: 'Jenkins-stable'
      baseurl: http://pkg.jenkins.io/redhat-stable
      gpgkey: http://pkg.jenkins.io/redhat-stable/jenkins.io.key

  - yum: name=jenkins state=installed

  - group: name=docker
  - user: name=jenkins groups=docker

  - firewalld: port=8080/tcp state=enabled permanent=true immediate=yes

  - service: name={{ item }} state=started enabled=yes
    with_items:
      - jenkins
      - docker
{noformat}

New: [Maybe related to issues ~~JENKINS-28821~~, ~~JENKINS-33632~~ and JENKINS-36842]

Hello,

I am trying to stablish a new CI environment with jobs running on docker but I am running into permission issues. I tried to create a minimal reproducible scenario without slave machines.

Looking at some of the related issues, I wonder whether I was supposed to configure permissions or group membership for the jenkins user on the container (instead of just using the image as is), but I assume that is not the case.

Starting on a clean Centos 7 vm, I installed jenkins 2.7.1 and docker, and then added the jenkins user to the docker group (ansible playbook follows). Then I only installed "Pipeline" and "CloudBees Docker Pipeline" plugins and its dependencies. Everything is updated as of today. Then I created a single pipeline job:

{noformat}
node {
   docker.image('centos:7').inside {
      sh 'pwd'
   }
}
{noformat}

This job fails with permission issues:

{noformat}
Started by user admin
[Pipeline] node
Running on master in /var/lib/jenkins/workspace/container-test
[Pipeline] {
[Pipeline] sh
[container-test] Running shell script
+ docker inspect -f . centos:7
.
[Pipeline] withDockerContainer
$ docker run -t -d -u 992:989 -w /var/lib/jenkins/workspace/container-test -v /var/lib/jenkins/workspace/container-test:/var/lib/jenkins/workspace/container-test:rw -v /var/lib/jenkins/workspace/container-test@tmp:/var/lib/jenkins/workspace/container-test@tmp:rw -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** centos:7 cat
[Pipeline] {
[container-test] Running shell script
[Pipeline] sh
sh: /var/lib/jenkins/workspace/container-test@tmp/durable-890dccc6/pid: Permission denied
sh: /var/lib/jenkins/workspace/container-test@tmp/durable-890dccc6/jenkins-log.txt: Permission denied
sh: /var/lib/jenkins/workspace/container-test@tmp/durable-890dccc6/jenkins-result.txt: Permission denied
[Pipeline] }
$ docker stop c71c65555ff53a1bd87db33a9d240c6eb4ae14d9c61a0a0a348c7f72f82b7a50
$ docker rm -f c71c65555ff53a1bd87db33a9d240c6eb4ae14d9c61a0a0a348c7f72f82b7a50
[Pipeline] // withDockerContainer
[Pipeline] }
[Pipeline] // node
[Pipeline] End of Pipeline
ERROR: script returned exit code -2
Finished: FAILURE
{noformat}

Tools were installed using the following ansible recipe:
{noformat}
---
- hosts: jenkins-minimal

  tasks:
  - yum: name={{ item }} state=installed
    with_items:
      - libselinux-python
      - dejavu-sans-fonts
      - fontconfig
      - java-1.8.0-openjdk-headless
      - docker

  - yum_repository:
      name: jenkins
      description: 'Jenkins-stable'
      baseurl: http://pkg.jenkins.io/redhat-stable
      gpgkey: http://pkg.jenkins.io/redhat-stable/jenkins.io.key

  - yum: name=jenkins state=installed

  - group: name=docker
  - user: name=jenkins groups=docker

  - firewalld: port=8080/tcp state=enabled permanent=true immediate=yes

  - service: name={{ item }} state=started enabled=yes
    with_items:
      - jenkins
      - docker
{noformat}

Jesse Glick made changes - 2016-09-06 14:01

Component/s

Original: durable-task-plugin [ 18622 ]

Jesse Glick made changes - 2017-02-16 17:36

Assignee

Original: Jesse Glick [ jglick ]

Assignee:: Unassigned

Reporter:: Vitor Dantas

Votes:: 1 Vote for this issue

Watchers:: 9 Start watching this issue

Created:: 2016-07-29 19:32

Updated:: 2017-03-01 16:10

Details

Description

Attachments

Activity

People

Dates