Docker 管道的“内部"不能在 Docker 容器中运行的 Jenkins slave 中工作 [英] Docker pipeline's "inside" not working in Jenkins slave running within Docker container

问题描述

我在让 Jenkins 流水线脚本工作时遇到问题，该脚本使用 Docker 流水线插件在 Docker 容器中运行部分构建.Jenkins server 和 slave 都在 Docker 容器中运行.

I'm having issues getting a Jenkins pipeline script to work that uses the Docker Pipeline plugin to run parts of the build within a Docker container. Both Jenkins server and slave run within Docker containers themselves.

• 在 Docker 容器中运行的 Jenkins 服务器
• 基于自定义镜像的Jenkins slave(https://github.com/simulogics/protokube-jenkins-slave) 也在 Docker 容器中运行
• 基于docker:1.12-dind镜像的Docker daemon容器
• Slave 是这样启动的:docker run --link=docker-daemon:docker --link=jenkins:master -d --name protokube-jenkins-slave -e EXTRA_PARAMS="-username xxx -password xxx-labels docker" simulogics/protokube-jenkins-slave

• Jenkins server running in a Docker container
• Jenkins slave based on custom image (https://github.com/simulogics/protokube-jenkins-slave) running in a Docker container as well
• Docker daemon container based on docker:1.12-dind image
• Slave started like so: docker run --link=docker-daemon:docker --link=jenkins:master -d --name protokube-jenkins-slave -e EXTRA_PARAMS="-username xxx -password xxx -labels docker" simulogics/protokube-jenkins-slave

基本 Docker 操作(拉取、构建和推送映像)在此设置下运行良好.

Basic Docker operations (pull, build and push images) are working just fine with this setup.

• 我希望服务器根本不需要了解 Docker.这应该是从站/节点的特性.
• 我不需要动态分配从站或临时从站.一个手动启动的从站对我的目的来说已经足够了.
• 理想情况下，我想从我的从属的自定义 Docker 映像中移开，而是使用通用 Docker 从属中的 Docker 管道插件提供的 inside 函数.

这是导致问题的代表性构建步骤:

This is a representative build step that's causing the issue:

image.inside {
    stage ('Install Ruby Dependencies') {
        sh "bundle install"
    }
}

这会导致日志中出现这样的错误:

This would cause an error like this in the log:

sh: 1: 无法创建/workspace/repo_branch-K5EM5XEVEIPSV2SZZUR337V7FG4BZXHD4VORYFYISRWIO3N6U67Q@tmp/durable-98bb4c3d/pid:目录不存在

sh: 1: cannot create /workspace/repo_branch-K5EM5XEVEIPSV2SZZUR337V7FG4BZXHD4VORYFYISRWIO3N6U67Q@tmp/durable-98bb4c3d/pid: Directory nonexistent

以前，此警告会显示:

71f4de289962-5790bfcc 似乎在容器 71f4de28996233340c2aed4212248f1e73281f1cd7282a54a36ceeac8c65ec0a 内运行但是在[]中找不到/workspace/repo_branch-K5EM5XEVEIPSV2SZZUR337V7FG4BZXHD4VORYFYISRWIO3N6U67Q

71f4de289962-5790bfcc seems to be running inside container 71f4de28996233340c2aed4212248f1e73281f1cd7282a54a36ceeac8c65ec0a but /workspace/repo_branch-K5EM5XEVEIPSV2SZZUR337V7FG4BZXHD4VORYFYISRWIO3N6U67Q could not be found among []

有趣的是，这里的插件 CloudBees 文档中描述了这个问题 https://go.cloudbees.com/docs/cloudbees-documentation/cje-user-guide/index.html#docker-workflow-sect-inside:

Interestingly enough, exactly this problem is described in CloudBees documentation for the plugin here https://go.cloudbees.com/docs/cloudbees-documentation/cje-user-guide/index.html#docker-workflow-sect-inside:

要让 inside 工作，Docker 服务器和 Jenkins 代理必须使用相同的文件系统，以便可以挂载工作区.确保这一点的最简单方法是让 Docker 服务器在 localhost(与代理相同的计算机)上运行.目前Jenkins插件和Docker CLI都不会自动检测服务器远程运行的情况；一个典型的症状是来自嵌套 sh 命令的错误，例如

For inside to work, the Docker server and the Jenkins agent must use the same filesystem, so that the workspace can be mounted. The easiest way to ensure this is for the Docker server to be running on localhost (the same computer as the agent). Currently neither the Jenkins plugin nor the Docker CLI will automatically detect the case that the server is running remotely; a typical symptom would be errors from nested sh commands such as

无法创建/…@tmp/durable-…/pid:目录不存在或负退出代码.

cannot create /…@tmp/durable-…/pid: Directory nonexistent or negative exit codes.

当 Jenkins 可以检测到代理本身在 Docker 容器内运行时，它会自动将 --volumes-from 参数传递给内部容器，确保它可以与代理共享工作空间.

When Jenkins can detect that the agent is itself running inside a Docker container, it will automatically pass the --volumes-from argument to the inside container, ensuring that it can share a workspace with the agent.

不幸的是，上一段中描述的检测似乎不起作用.

Unfortunately, the detection described in the last paragraph doesn't seem to work.

由于我的服务器和从服务器都在 Docker 容器中运行，我必须使用哪个卷映射小子才能使其工作?

Since both my server and slave are running in Docker containers, what kid of volume mapping do I have to use to make it work?

推荐答案

我已经看到了这个问题的变体，也有 kubernetes-plugin 支持的 agents.

I've seen variations of this issue, also with the agents powered by the kubernetes-plugin.

我认为 agent/jnlp 容器需要与 build 容器共享工作空间.

I think that for it to work the agent/jnlp container needs to share workspace with the build container.

通过 build 容器，我指的是将运行 bundle install 命令的容器.

By build container I am referring to the one that will run the bundle install command.

这可能是通过 withArgs

问题是您为什么要这样做?无论如何，大多数管道步骤都在 master 上执行，实际构建将在 build 容器中运行.还使用 agent 的目的是什么?

The question is why would you want to do that? Most of the pipeline steps are being executed on master anyway and the actual build will run in the build container. What is the purpose of also using an agent?

这篇关于Docker 管道的“内部"不能在 Docker 容器中运行的 Jenkins slave 中工作的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！