
sh step within container step does not work when user is non-root

    • Type: Bug
    • Resolution: Not A Defect
    • Priority: Minor
    • Component/s: kubernetes-plugin
    • Labels: None
    • Environment: Jenkins 2.73.1, Kubernetes Plugin 1.0, Kubernetes 1.7.4

      Attempting to execute sh command within container step fails when the image user is not root.

      Replicate by running pipeline:

      podTemplate(name: 'my-pod', label: 'my-pod',
        containers: [
          containerTemplate(name: 'kubectl-cmd', 
                            image: 'wernight/kubectl:1.6.4',
                            ttyEnabled: true, 
                            command: 'cat', args:null)]) {
            node('my-pod') {
              stage('Test command') {
                container('kubectl-cmd') {
                  sh 'whoami'
                }
              }
            }
      } 

      `sh 'whoami'` does not successfully run, and the job fails with message: "ERROR: script returned exit code -2 "

      The image being run is here.

      I created a modified version of the image where simply "User kubectl" is removed. The job then runs as expected.

       

       

          [JENKINS-47389] sh step within container step does not work when user is non-root

          Carlos Sanchez added a comment - debug logs please ? https://github.com/jenkinsci/kubernetes-plugin#debugging

          Chris Willmore added a comment - edited

          Attached debug log for what I believe are relevant entries during job execution.
          Note, there may be some noise from other concurrent jobs running.

          Carlos Sanchez added a comment -

          so this is the error, can you try making your image user be uid 1000?

          [non-root-container] Running shell script
          sh: can't create /home/jenkins/workspace/non-root-container@tmp/durable-bf906406/jenkins-log.txt: Permission denied
          sh: can't create /home/jenkins/workspace/non-root-container@tmp/durable-bf906406/jenkins-result.txt.tmp: Permission denied
          mv: can't rename '/home/jenkins/workspace/non-root-container@tmp/durable-bf906406/jenkins-result.txt.tmp': No such file or directory
          touch: /home/jenkins/workspace/non-root-container@tmp/durable-bf906406/jenkins-log.txt: Permission denied
          touch: /home/jenkins/workspace/non-root-container@tmp/durable-bf906406/jenkins-log.txt: Permission denied
          touch: /home/jenkins/workspace/non-root-container@tmp/durable-bf906406/jenkins-log.txt: Permission denied
          touch: /home/jenkins/workspace/non-root-container@tmp/durable-bf906406/jenkins-log.txt: Permission denied
          touch: /home/jenkins/workspace/non-root-container@tmp/durable-bf906406/jenkins-log.txt: Permission denied
          touch: /home/jenkins/workspace/non-root-container@tmp/durable-bf906406/jenkins-log.txt: Permission denied
          touch: /home/jenkins/workspace/non-root-container@tmp/durable-bf906406/jenkins-log.txt: Permission denied
          process apparently never started in /home/jenkins/workspace/non-root-container@tmp/durable-bf906406

          Diego Rodriguez added a comment -

          csanchez I'm running into this issue as well; I'd be more than happy to help fix the issue if you can point to the right place in the Kubernetes-plugin code.

          Sriniva Pothala added a comment -

          Just add the `jnlp` container with path pointing to `/home/jenkins/agent`. It worked for me.

          containerTemplate(name: 'jnlp', image: 'lachlanevenson/jnlp-slave:3.10-1-alpine', args: '${computer.jnlpmac} ${computer.name}', workingDir: '/home/jenkins/agent')

          David Schott added a comment -

          The example works after adding runAsUser:

          podTemplate(name: 'my-pod', label: 'my-pod', runAsUser: '2342',
            containers: [
              containerTemplate(name: 'kubectl-cmd', 
                                image: 'wernight/kubectl:1.6.4',
                                ttyEnabled: true, 
                                command: 'cat', args:null)]) {
                node('my-pod') {
                  stage('Test command') {
                    container('kubectl-cmd') {
                      sh 'whoami'
                    }
                  }
                }
          }  

          Documented under https://github.com/jenkinsci/kubernetes-plugin#pod-and-container-template-configuration

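The `Permission denied` lines in the log above and the `runAsUser` fix both turn on whether the container's UID may create files in a workspace directory it does not own. The following shell check is an added example, not code from this thread or from the plugin: the function names `durable_dir_from_log` and `can_create_in` are hypothetical, it assumes a `stat` that supports `-c` (GNU or BusyBox), and it models only the owner/group/other mode bits.

```sh
#!/bin/sh
# Added example; function names are hypothetical. Assumes GNU or BusyBox `stat -c`.
# Models only owner/group/other mode bits: no supplementary groups, ACLs or fsGroup.

# Print the durable-task control directory named in a failed sh step's console log.
durable_dir_from_log() {
    sed -n 's/^ *process apparently never started in \(.*\)$/\1/p' "$1" | head -n 1
}

# can_create_in DIR UID GID
# Exit 0 if UID:GID may create files in DIR, 1 if not, 2 if DIR cannot be inspected.
can_create_in() {
    dir=$1; uid=$2; gid=$3
    st=$(stat -c '%u %g %a' "$dir" 2>/dev/null) || return 2
    set -- $st                       # $1 owner uid, $2 owner gid, $3 octal mode
    owner=$1; group=$2; perm=$((0$3))
    if [ "$uid" -eq 0 ]; then return 0; fi   # root bypasses mode bits
    if [ "$uid" -eq "$owner" ]; then
        bits=$(( (perm >> 6) & 7 ))  # owner class
    elif [ "$gid" -eq "$group" ]; then
        bits=$(( (perm >> 3) & 7 ))  # group class
    else
        bits=$(( perm & 7 ))         # other class
    fi
    # Creating a file needs both write (2) and search (1) on the directory.
    [ $(( bits & 3 )) -eq 3 ]
}

# Constructed demo: a 0755 directory stands in for the shared workspace, and
# uid/gid 2342 (the runAsUser value from the thread) for a user that does not own it.
ws=$(mktemp -d) && chmod 755 "$ws"
if can_create_in "$ws" 2342 2342; then
    echo "uid 2342 can create files in $ws"
else
    echo "uid 2342 cannot create files in $ws: Permission denied, as in the log"
fi
rm -rf "$ws"
```

Run against the real workspace path from inside the failing container, a non-zero result with the image's own `id -u` and `id -g` points to aligning UIDs across the pod rather than dropping the image's non-root user.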

          Jesse Glick added a comment -

          (incorrect Resolution)


            Assignee: Unassigned
            Reporter: Chris Willmore (willmore)
            Votes: 5
            Watchers: 11