Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-70894

Agent args cannot override default config on plugin

      When using agent docker into a jenkinsfile we can add some args to our file, like user, volume or other. 

      The actual behaviour when docker container start working is:

      [Pipeline] withDockerContainerJenkins does not seem to be running inside a container$ docker run -t -d -u 995:993 -w /var/lib/jenkins/workspace/Test/test-docker -v /var/lib/jenkins/workspace/Test/test-docker:/var/lib/jenkins/workspace/Test/test-docker:rw,z -v /var/lib/jenkins/workspace/Test/test-docker@tmp:/var/lib/jenkins/workspace/Test/test-docker@tmp:rw,z -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** registry.gitlab.com/path/to/my/images/image:latest cat 

      However if on the jenkinsfile we set some args for user or volume, the expected behaviour should be to override the default ones, but instead is just adding more args to the docker run command:
      the jenkinsfile:

      pipeline {
          agent { 
              docker {
                  image 'path/to/my/images/image:latest'
                  registryUrl 'https://registry.gitlab.com'
                  args '-u 995:1000'
              }
          }

      The output:

      [Pipeline] withDockerContainerJenkins does not seem to be running inside a container$ docker run -t -d -u 995:993 -u 995:1000 -w /var/lib/jenkins/workspace/Test/test-docker -v /var/lib/jenkins/workspace/Test/test-docker:/var/lib/jenkins/workspace/Test/test-docker:rw,z -v /var/lib/jenkins/workspace/Test/test-docker@tmp:/var/lib/jenkins/workspace/Test/test-docker@tmp:rw,z -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** registry.gitlab.com/path/to/my/images/image:latest cat

      This creates limitation for the plugin and does not allow to use all the power of docker.

       

      Possible solution:

      • set a way to override the default values or to do more configuration for the plugin
      • create some condition that if the jenkinsfile contains some args, do not set the default one but use the ones provided on the Jenkinsfile

          [JENKINS-70894] Agent args cannot override default config on plugin

          Daniel Auld added a comment -

          I'll second the request to have the UID passed to 'docker run' be configurable/overwritable. I containerize tools like 'terraform' and the AWS CLI for use in declarative pipelines. I always create a default user with the same UID as used by the Docker Pipeline plugin. This way I can have commands like 'aws config' write credentials locally that disappear with the container when it stops (more secure).

          I've been using Jenkins since 2017. Six years ago, running the "agent { docker {} }"" block would result in a 'docker run' command like:

          docker run -t -d -u 1000:1000 ...

          A few months ago (April 2023), I stood up a new stack and found the command was now:

          docker run -t -d -u 1002:1002 ...

          With the latest plugin update (late May 2023), the command now uses:

          docker run -t -d -u 1001:1001 ...

          As the issue poster noted, adding "args '-u 1002:1002'" to try to make existing containers backwards-compatible resulted in a double-argument rather than replacement:

          docker run -t -d -u 1001:1001 -u 1002:1002 ...

          I'd be happy to look at writing a patch for consideration with a few pointers on which files would be the best to look at.

          Daniel Auld added a comment - I'll second the request to have the UID passed to 'docker run' be configurable/overwritable. I containerize tools like 'terraform' and the AWS CLI for use in declarative pipelines. I always create a default user with the same UID as used by the Docker Pipeline plugin. This way I can have commands like 'aws config' write credentials locally that disappear with the container when it stops (more secure). I've been using Jenkins since 2017. Six years ago, running the "agent { docker {} }"" block would result in a 'docker run' command like: docker run -t -d -u 1000:1000 ... A few months ago (April 2023), I stood up a new stack and found the command was now: docker run -t -d -u 1002:1002 ... With the latest plugin update (late May 2023), the command now uses: docker run -t -d -u 1001:1001 ... As the issue poster noted, adding "args '-u 1002:1002'" to try to make existing containers backwards-compatible resulted in a double-argument rather than replacement: docker run -t -d -u 1001:1001 -u 1002:1002 ... I'd be happy to look at writing a patch for consideration with a few pointers on which files would be the best to look at.

            Unassigned Unassigned
            sdeponte saul
            Votes:
            1 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated: