Jenkins / JENKINS-68736

Kubernetes container does not respect tty: true

    • Type: Bug
    • Resolution: Unresolved
    • Priority: Major
    • Component: kubernetes-plugin

      I am attempting to GPG-sign a git commit within a container that's slightly modified from the stock Ubuntu 20.04 container image from the official Ubuntu images. 99% of the customizations revolve around adding required packages and some shell scripts.

      The primary issue is that, regardless of what I do or attempt, I CANNOT get gpg to sign a commit. It stems from gpg complaining that it cannot open a tty, despite the fact that I have tty: true in my container yaml. Adding a simple 'tty' to my script block (see below) results in a 'not a tty' message, and if I attempt to run

      gpg --status-fd=2 -bsau <keyid> 

      then GPG complains with 

      gpg: cannot open '/dev/tty': No such device or address 

      I have checked the keys, permissions, added the following to ~/.gnupg/gpg.conf

      use-agent
      pinentry-mode loopback 

      and the following to ~/.gnupg/gpg-agent.conf

      allow-loopback-pinentry
      allow-preset-passphrase 

      My .bashrc in the container contains the following:

      export ANSIBLE_HOME="${HOME}/git"
      export ANSIBLE_PBV='.v4'
      export ANSIBLE_PLAYBOOKS="${ANSIBLE_HOME}/ansible-playbooks${ANSIBLE_PBV}"
      export ANSIBLE_INVENTORY="${ANSIBLE_PLAYBOOKS}/inventory"
      
      export PATH=${HOME}/.local/bin:${PATH}
      export GPG_TTY=$(tty)
      gpg-connect-agent updatestartuptty /bye >/dev/null
      unset SSH_AGENT_PID
      
      if [ "${gnupg_SSH_AUTH_SOCK_by:-0}" -ne $$ ]; then
          export SSH_AUTH_SOCK="$(gpgconf --list-dirs agent-ssh-socket)"
      fi
      
      set -o vi
      PS1="[\u@\h] (\t) # "
      
      if [ -f ~/.bash_aliases ]; then
        . ~/.bash_aliases
      fi
      
      if [ -f ~/.bash_functions ]; then
        . ~/.bash_functions
      fi

      Needless to say I'm pulling my hair out here.  Everything I have read says that adding the tty: true to my container yaml should resolve the issue.  Is this a bug, or what am I missing here?

      My pipeline is the following:

      def caller = ""
      def commitid = ""
      def project = ""
      
      pipeline {
        agent {
          kubernetes {
            label "myProject-buildAgent"
            defaultContainer 'jnlp'
            podRetention never()
            yaml """
      apiVersion: v1
      kind: Pod
      metadata:
        labels:
          component: ci
      spec:
        # Use service account that can deploy to all namespaces
        serviceAccountName: my-jenkins
        containers:
        - name: ansible
          image: gcr.io/my-gcr-ns/custom-ansible:ubuntu-20.04
          imagePullPolicy: Always
          stdin: true
          tty: true
          command:
          - cat
      """
          }
        }
          environment {
              GPG_SECRET = credentials('My_GH_GPG_Passphrase')
          }
          stages {
            stage('Setup') {
                steps {
                    script {
                        
                        if (! env.caller?.trim()) { 
                            throw new Exception("Cannot continue without a caller.")
                        } else {
                            sh 'echo "Using [${caller}] as the caller."'
                        }
                        
                        if (! env.commitid?.trim() || env.commitid == "") { 
                            throw new Exception("Cannot continue without a commit id.")
                        } else {
                            sh 'echo "Using [${commitid}] as the commit id."'
                        }
                        
                        if (! env.project?.trim()) { 
                            throw new Exception("Cannot continue without a project.")
                        } else {
                            tmp_str = env.project.toLowerCase().substring(0,3)
                            env.project = tmp_str
                            sh 'echo "Using [${project}] as the project."'
                        }
                    }
                }
            }
              
            stage('Build Init') {
              steps {
                container('ansible') {
                  script {
                      sh '''#!/bin/bash
                          source ~/.bashrc
                                   
                          echo "Seeding GPG passphrase"
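                          # Double quotes so the shell expands GPG_SECRET; single quotes would pass the literal text ${GPG_SECRET}.
                          /usr/lib/gnupg2/gpg-preset-passphrase --preset -vP "${GPG_SECRET}" REDACTED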
                          echo "caller is [${caller}], commit id is [${commitid}], and project is [${project}]."
                          echo "Cloning our ansible repos now."
                          check-git-ansible
                          
                          cd ${ANSIBLE_PLAYBOOKS}
                          git branch -c "NEW_PROJECT_${project}"
                          echo "Generating the ansible inventory files for ${project} now."
                          generate_ansible_inventory ${project}
                          git add . 
                          
                          # gpg --status-fd=2 -bsau REDACTED
                          
                          GIT_TRACE=1 git commit -m"Added new project ${project} to inventory"
                          git push
                          cd ${ANSIBLE_HOME}
                          
                          ls -la
                      '''
                  }
                }
              }
            }
          }
      } 

       

            Assignee: Unassigned
            Reporter: Reuben Popp (rpopp)
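One way to make the signing step independent of a terminal, as an added example that is not part of the original report or of the Jenkins kubernetes-plugin. It assumes the step's shell has no controlling terminal (as the 'not a tty' output in the report indicates) and that GPG_SECRET is the credential bound in the pipeline's environment block; the wrapper path in the usage comment is hypothetical.

```shell
#!/bin/sh
# Added example: helpers for signing in a CI shell that has no controlling
# terminal. The wrapper path in the usage comment is constructed.

# Print the terminal name, or nothing when stdin is not a terminal.
# A bare `export GPG_TTY=$(tty)` stores the text "not a tty" in that case.
resolve_gpg_tty() {
    t=$(tty 2>/dev/null) && printf '%s\n' "$t"
    return 0
}

# Succeed only if both loopback settings quoted in the report are present
# in the GnuPG home directory given as $1.
check_loopback_conf() {
    grep -Eq '^[[:space:]]*pinentry-mode[[:space:]]+loopback' "$1/gpg.conf" 2>/dev/null &&
        grep -Eq '^[[:space:]]*allow-loopback-pinentry' "$1/gpg-agent.conf" 2>/dev/null
}

# Write a wrapper script to $1 for use as git's gpg.program. The wrapper
# never opens /dev/tty and passes the passphrase on file descriptor 3, so it
# does not appear in the process list. GPG_SECRET is the variable bound by
# the pipeline's environment block.
write_gpg_wrapper() {
    cat >"$1" <<'WRAP'
#!/bin/sh
exec gpg --batch --no-tty --pinentry-mode loopback --passphrase-fd 3 "$@" 3<<EOF
${GPG_SECRET:?GPG_SECRET is not set}
EOF
WRAP
    chmod 700 "$1"
}

# Usage inside the job's sh step (hypothetical wrapper path):
#   write_gpg_wrapper "$HOME/gpg-ci"
#   git config --global gpg.program "$HOME/gpg-ci"
#   t=$(resolve_gpg_tty); if [ -n "$t" ]; then export GPG_TTY="$t"; else unset GPG_TTY; fi
```

Because git invokes the configured gpg.program with its own arguments and the payload on stdin, the wrapper only prepends options and leaves stdin untouched.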