Comments (11)
The agent container image that you are using must have a mistake in it. The Jenkins agent container images always run as the 'jenkins' user. They never run as root.
I just confirmed with my installation that the following Pipeline job:
pipeline {
    agent {
        label 'alpine'
    }
    stages {
        stage('Hello') {
            steps {
                sh 'whoami'
            }
        }
    }
}
results in the following output:
14:37:10 Started by user Mark Waite
14:37:10 [Pipeline] Start of Pipeline
14:37:10 [Pipeline] node
14:37:16 Running on alpine-jdk21-00005ve0gil95 on mark-pc2
14:37:16 [Pipeline] {
14:37:16 [Pipeline] stage
14:37:16 [Pipeline] { (Hello)
14:37:16 [Pipeline] sh
14:37:17 + whoami
14:37:17 jenkins
14:37:17 [Pipeline] }
14:37:17 [Pipeline] // stage
14:37:17 [Pipeline] }
14:37:17 [Pipeline] // node
14:37:17 [Pipeline] End of Pipeline
14:37:17 Finished: SUCCESS
That output shows that the agent is running as the user 'jenkins'.
I use the agent Docker image 'jenkins/inbound-agent:latest-alpine-jdk21' with remote file system root '/home/jenkins/agent'
from docker-plugin.
As an additional item, the Jenkins project no longer supports Red Hat Enterprise Linux 7 or any of its derivatives (like CentOS 7, Amazon Linux 2, or Oracle Linux 7). More details are available in the operating system end of life blog post.
from docker-plugin.
As an additional item, the Jenkins project no longer supports Red Hat Enterprise Linux 7 or any of its derivatives (like CentOS 7, Amazon Linux 2, or Oracle Linux 7). More details are available in the operating system end of life blog post.
Not relevant, as I am not running Jenkins on 7.9, only a build node with Java 11.
from docker-plugin.
I got the Jenkins controller image from the Docker Hub, so if it has an error, looks like someone released it with bugs. I am not having problems with Jenkins controller in a container, the title of the issue should have made that clear. I am having problems with a container I built to run as a cloud build node. It most definitely does NOT start as the Jenkins user, it starts up as root. I need to know how to tell Jenkins to change that so it starts the build node container with jenkins as the default user (or any other user).
from docker-plugin.
I am having problems with a container I built trying to run as a cloud build node. It most definitely does NOT start as the Jenkins user, it starts up as root.
The container you built to run as a cloud build node has an error in its container definition. The error is that you have configured it to run as the user "root" instead of using an unprivileged account.
Refer to the Jenkins Docker agent repository for examples of container definitions that run as an unprivileged user. Some of those examples include:
from docker-plugin.
I tried using the USER command in the Dockerfile to tell it to switch to the Jenkins user after it has done all the setup work. What happens when I do that is that Jenkins complains that it cannot run the agent, and goes into an endless loop of instantiating one container after another, until I kill the job. And then I have to manually remove the containers it created.
I see the line that reads:
ADD --chown="${user}":"${group}" "https://repo.jenkins-ci.org/public/org/jenkins-ci/main/remoting/${VERSION}/remoting-${VERSION}.jar" /usr/share/jenkins/agent.jar
Does this mean that every container I build this way has to have the remoting agent baked in?
from docker-plugin.
Does this mean that every container I build this way has to have the remoting agent baked in?
Yes, the Jenkins docker plugin expects that the container it launches as an inbound agent must run the Jenkins agent.jar to initiate the connection from the agent to the controller.
from docker-plugin.
I got that part, but the user and perms of the agent jar I thought would have been set as permissive as possible. I will try this tomorrow.
from docker-plugin.
In looking at the Dockerfile for the debian example, I see this:
ARG VERSION=3206.vb_15dcf73f6a_9
There doesn't seem to be any correlation to the Jenkins I am using, 2.440.1. I am also using jdk11, because jdk17 or higher are not certified for use in our organization.
Where does that version for the agent come from??
from docker-plugin.
Where does that version for the agent come from??
It is updated by updatecli whenever there is a new release of Jenkins remoting.
from docker-plugin.
I got it fixed. Had to copy the remoting agent to the agent root folder and set some permissions before setting the user to jenkins at the end of the Dockerfile. Thanks!
from docker-plugin.
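An added example, not code from the thread or from the Jenkins project: one Dockerfile layout that matches the fix described in the last comment, with the account, the agent directory and agent.jar all prepared while still root and USER switched only at the end. The VERSION value, the ADD line and the /home/jenkins/agent root are taken from the comments above; the base image tag, UID/GID 1000 and the ENTRYPOINT are assumptions.

```dockerfile
# Added example. Base image, UID/GID and ENTRYPOINT are assumptions, not from the thread.
FROM eclipse-temurin:11-jre-alpine

# Remoting version quoted in the thread; it tracks remoting releases, not the Jenkins core version.
ARG VERSION=3206.vb_15dcf73f6a_9
ARG user=jenkins
ARG group=jenkins
ARG uid=1000
ARG gid=1000
ARG AGENT_WORKDIR=/home/${user}/agent

# Everything that needs root happens before the USER instruction:
# create the unprivileged account and an agent root it owns and can write to.
RUN addgroup -g "${gid}" "${group}" \
 && adduser -D -h "/home/${user}" -u "${uid}" -G "${group}" "${user}" \
 && mkdir -p "${AGENT_WORKDIR}" /usr/share/jenkins \
 && chown -R "${user}:${group}" "/home/${user}"

# Bake in the remoting agent (the ADD line quoted in the thread).
ADD --chown="${user}":"${group}" "https://repo.jenkins-ci.org/public/org/jenkins-ci/main/remoting/${VERSION}/remoting-${VERSION}.jar" /usr/share/jenkins/agent.jar

# A file ADDed from a URL is created with mode 0600; make it world-readable
# so the agent still starts if the container is run under a different UID.
RUN chmod 0644 /usr/share/jenkins/agent.jar

# Drop privileges last. From here on the image default user is 'jenkins'.
USER ${user}
WORKDIR ${AGENT_WORKDIR}

# Assumption: connection arguments are supplied as the container command
# by whatever launches the container.
ENTRYPOINT ["java", "-jar", "/usr/share/jenkins/agent.jar"]
```

After building, `docker run --rm --entrypoint id <image>` should report the jenkins UID rather than 0, and the remote file system root in the agent template should point at the directory that account owns.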