Jenkinsfile:在Docker容器中运行sh步骤时权限被拒绝 [英] Jenkinsfile: permission denied when running sh step in Docker container

问题描述

我在运行简单的Jenkinsfile时遇到问题-例如

I have trouble running a simple Jenkinsfile - e.g.

pipeline {
    agent { label 'ssh-slave' } 
    stages {
        stage('Shell Test') {
            steps {
                sh 'echo "Hello World"'
            }
        }
    }
}

Jenkins在主数据库上的日志文件显示容器已成功启动，但是构建作业崩溃，并显示类似消息

The logfiles of Jenkins on the master show that the container was started successfully but the build job crashes with a message like

sh: 1: /home/jenkins/workspace/pipeline@tmp/durable-34c21b81/script.sh: Permission denied

以下是我们配置/弄清楚的一些其他内容:

Here are some additional things that we configured / figured out:

1. 我们正在具有RHEL的VM上运行代理

1. We are running the agent on a VM with RHEL

我们正在使用 Docker插件来启动/在单独的Jenkins代理上管理容器

We are using the Docker Plugin for Jenkins to start / manage the containers on a separate Jenkins agent

我们正在使用Jenkins插件中的Connect with ssh方法来旋转Docker容器，并使用 jenkinsci/ssh-slave Docker映像

We are spinning up the Docker container using the Connect with ssh method in the Jenkins plugin and use the jenkinsci/ssh-slave Docker image

Jenkins在Docker容器中使用root用户(至少/home/jenkins/...中的所有文件都创建为root

Jenkins is using the root user in the Docker container (at least all files within /home/jenkins/... are created as root

当我们在管道中添加sleep步骤并将docker exec...添加到正在运行的容器中时，即使尝试使用./script.sh运行，也无法以root用户身份执行简单的shell脚本(即使我们在chmod +x script.sh之前设置了正确的文件模式)-我们也得到了sh: 1: permission denied.但是，如果我们使用sh script.sh

When we add a sleep step into the pipeline and docker exec... into the running container, we cannot execute a simple shell script as root, if we are trying to run it with ./script.sh (even if we set proper file mode with chmod +x script.sh before) - we also get sh: 1: permission denied. But we can run the script, if we use sh script.sh

Docker容器内的root用户具有bash-而Jenkins尝试使用sh运行脚本.

The root user inside the Docker container has a bash - whereas Jenkins is trying to run the script with sh.

无论我们是否检查Docker插件模板配置中的run privileged标志，都将发生错误

The error occurs no matter whether we check the run privileged flag in the Docker plugin's template configuration or not

我们已经尝试过但没有用的东西

Things we already tried, but didn't work

1. 将Docker容器中root用户的登录shell更改为/bin/sh

1. Changing the login shell of the root user in the Docker container to /bin/sh

在sh步骤中提供Shebang，如

Providing a shebang in the sh step, à la

sh '''#!/bin/sh
echo "hello world"
'''

在Jenkins全局配置中将Shell执行程序设置为/bin/sh

Setting the shell executor to /bin/sh in the Jenkins global configuration

更改ssh-slave Docker映像的Dockerfile，以使ENTRYPOINT不会运行bash脚本，而是在最后运行/bin/sh

Changing the Dockerfile of the ssh-slave Docker image in such a way that the ENTRYPOINT does not run a bash script, but runs /bin/sh at the end

感谢您的帮助！

推荐答案

问题是容器中的/home/jenkins是通过noexec装载的:

Problem was that /home/jenkins in the container was mounted with noexec:

$ mount
/dev/mapper/rhel-var on /home/jenkins type xfs (rw,nosuid,nodev,noexec,relatime,seclabel,attr2,inode64,noquota)

潜在的问题是基础主机上的/var是通过noexec挂载的(/var是所有容器文件所在的位置...):

Underlying issue was that the /var on the underlying host was mounted with noexec (/var is where all the container files reside...):

$ mount
/dev/mapper/rhel-var on /var type xfs (rw,nosuid,nodev,noexec,relatime,seclabel,attr2,inode64,noquota)

因此，解决此问题的方法是通过在主机上将/var挂载为可执行文件.

So the solution to this problem was to mount /var as executeable on the host via

sudo mount -o remount,exec /var

为我们解决了这个问题.

that solved the issue for us.

这篇关于Jenkinsfile:在Docker容器中运行sh步骤时权限被拒绝的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！