Unable to run Jenkins build node if I set "User Jenkins" in the dockerfile about docker-plugin HOT 11 CLOSED

The agent container image that you are using must have a mistake in it. The Jenkins agent container images always run as the 'jenkins' users. They never run as root.

I just confirmed with my installation that the following Pipeline job:

pipeline {
    agent {
        label 'alpine'
    }
    stages {
        stage('Hello') {
            steps {
                sh 'whoami'
            }
        }
    }
}

results in the following output:

14:37:10  Started by user Mark Waite
14:37:10  [Pipeline] Start of Pipeline
14:37:10  [Pipeline] node
14:37:16  Running on alpine-jdk21-00005ve0gil95 on mark-pc2
14:37:16  [Pipeline] {
14:37:16  [Pipeline] stage
14:37:16  [Pipeline] { (Hello)
14:37:16  [Pipeline] sh
14:37:17  + whoami
14:37:17  jenkins
14:37:17  [Pipeline] }
14:37:17  [Pipeline] // stage
14:37:17  [Pipeline] }
14:37:17  [Pipeline] // node
14:37:17  [Pipeline] End of Pipeline
14:37:17  Finished: SUCCESS

That output shows that the agent is running as the user 'jenkins'.

I use the agent Docker image 'jenkins/inbound-agent:latest-alpine-jdk21' with remote file system root '/home/jenkins/agent'

from docker-plugin.

As an additional item, the Jenkins project no longer supports Red Hat Enterprise Linux 7 or any of its derivatives (like CentOS 7, Amazon Linux 2, or Oracle Linux 7). More details are available in the operating system end of life blog post.

from docker-plugin.

As an additional item, the Jenkins project no longer supports Red Hat Enterprise Linux 7 or any of its derivatives (like CentOS 7, Amazon Linux 2, or Oracle Linux 7). More details are available in the operating system end of life blog post.

Not relevant, as I am not running Jenkins on 7.9, only a build node with Java 11.

from docker-plugin.

The agent container image that you are using must have a mistake in it. The Jenkins agent container images always run as the 'jenkins' users. They never run as root.

I just confirmed with my installation that the following Pipeline job:

pipeline {
    agent {
        label 'alpine'
    }
    stages {
        stage('Hello') {
            steps {
                sh 'whoami'
            }
        }
    }
}

results in the following output:

14:37:10  Started by user Mark Waite
14:37:10  [Pipeline] Start of Pipeline
14:37:10  [Pipeline] node
14:37:16  Running on alpine-jdk21-00005ve0gil95 on mark-pc2
14:37:16  [Pipeline] {
14:37:16  [Pipeline] stage
14:37:16  [Pipeline] { (Hello)
14:37:16  [Pipeline] sh
14:37:17  + whoami
14:37:17  jenkins
14:37:17  [Pipeline] }
14:37:17  [Pipeline] // stage
14:37:17  [Pipeline] }
14:37:17  [Pipeline] // node
14:37:17  [Pipeline] End of Pipeline
14:37:17  Finished: SUCCESS

That output shows that the agent is running as the user 'jenkins'.

I use the agent Docker image 'jenkins/inbound-agent:latest-alpine-jdk21' with remote file system root '/home/jenkins/agent'

I got the Jenkins controller image from the Docker Hub, so if it has an error, looks like someone released it with bugs. I am not having problems with Jenkins controller in a container, the title of the issue should have made that clear. I am having problems with a container I built to run as a cloud build node. It most definitely does NOT start as the Jenkins users, it starts up as root. I need to know how to tell Jenkins to change that so it start the build node container with jenkins as the default user (or any other user).

from docker-plugin.

I am having problems with a container I built trying to run as a cloud build node. It most definitely does NOT start as the Jenkins users, it starts up as root.

The container you built to run as a cloud build node has an error in its container definition. The error is that you have configured it to run as the user "root" instead of using an unprivileged account.

Refer to the Jenkins Docker agent repository for examples of container definitions that run as an unprivileged user. Some of those examples include:

• Alpine Linux
• Debian Linux

from docker-plugin.

I tried using the USER command in the Dockerfile to tell it to switch to the Jenkins user after it has done all the setup work. What happens when I do that is that Jenkins complains that it cannot run the agent, and goes into an endless loop of instantiating one container after another, until I kill the job. And then I have to manually remove the containers it created.

I see the line that reads:

ADD --chown="${user}":"${group}" "https://repo.jenkins-ci.org/public/org/jenkins-ci/main/remoting/${VERSION}/remoting-${VERSION}.jar" /usr/share/jenkins/agent.jar

Does this mean that every container I build this way has to have the remoting agent baked in?

from docker-plugin.

Does this mean that every container I build this way has to have the remoting agent baked in?

Yes, the Jenkins docker plugin expects that the container it launches as an inbound agent must run the Jenkins agent.jar to initiate the connection from the agent to the controller.

from docker-plugin.

I got that part, but the user and perms of the agent jar I thought would have been set as permissive as possible. I will try this tomorrow.

from docker-plugin.

In looking at the dockerfile for the debian example, I see this:

ARG VERSION=3206.vb_15dcf73f6a_9

There doesn't seem to be any correlation to the Jenkins I am using, 2.440.1. I am also using jdk11, because jdk17 or higher are not certified for use in our organization.

Where does that version for the agent come from??

from docker-plugin.

Where does that version for the agent come from??

It is updated by updatecli whenever there is a new release of Jenkins remoting.

from docker-plugin.

I got it fixed. Had to copy the remoting agent to the agent root folder and set some permissions before setting the user to jenkins at the end of the docker file. Thanks!

from docker-plugin.