Jenkinsfile:在Docker容器中运行sh步骤时权限被拒绝 [英] Jenkinsfile: permission denied when running sh step in Docker container
问题描述
我在运行简单的Jenkinsfile
时遇到问题-例如
I have trouble running a simple Jenkinsfile
- e.g.
pipeline {
agent { label 'ssh-slave' }
stages {
stage('Shell Test') {
steps {
sh 'echo "Hello World"'
}
}
}
}
Jenkins在主数据库上的日志文件显示容器已成功启动,但是构建作业崩溃,并显示类似消息
The logfiles of Jenkins on the master show that the container was started successfully but the build job crashes with a message like
sh: 1: /home/jenkins/workspace/pipeline@tmp/durable-34c21b81/script.sh: Permission denied
以下是我们配置/弄清楚的一些其他内容:
Here are some additional things that we configured / figured out:
-
我们正在具有RHEL的VM上运行代理
We are running the agent on a VM with RHEL
我们正在使用 Docker插件来启动/在单独的Jenkins代理上管理容器
We are using the Docker Plugin for Jenkins to start / manage the containers on a separate Jenkins agent
我们正在使用Jenkins插件中的Connect with ssh
方法来旋转Docker容器,并使用 jenkinsci/ssh-slave Docker映像
We are spinning up the Docker container using the Connect with ssh
method in the Jenkins plugin and use the jenkinsci/ssh-slave Docker image
Jenkins在Docker容器中使用root
用户(至少/home/jenkins/...
中的所有文件都创建为root
Jenkins is using the root
user in the Docker container (at least all files within /home/jenkins/...
are created as root
当我们在管道中添加sleep
步骤并将docker exec...
添加到正在运行的容器中时,即使尝试使用./script.sh
运行,也无法以root用户身份执行简单的shell脚本(即使我们在chmod +x script.sh
之前设置了正确的文件模式)-我们也得到了sh: 1: permission denied
.但是,如果我们使用sh script.sh
When we add a sleep
step into the pipeline and docker exec...
into the running container, we cannot execute a simple shell script as root, if we are trying to run it with ./script.sh
(even if we set proper file mode with chmod +x script.sh
before) - we also get sh: 1: permission denied
. But we can run the script, if we use sh script.sh
Docker容器内的root
用户具有bash
-而Jenkins尝试使用sh
运行脚本.
The root
user inside the Docker container has a bash
- whereas Jenkins is trying to run the script with sh
.
无论我们是否检查Docker插件模板配置中的run privileged
标志,都将发生错误
The error occurs no matter whether we check the run privileged
flag in the Docker plugin's template configuration or not
我们已经尝试过但没有用的东西
Things we already tried, but didn't work
-
将Docker容器中
root
用户的登录shell更改为/bin/sh
Changing the login shell of the
root
user in the Docker container to/bin/sh
在sh
步骤中提供Shebang,如
Providing a shebang in the sh
step, à la
sh '''#!/bin/sh
echo "hello world"
'''
在Jenkins全局配置中将Shell执行程序设置为/bin/sh
Setting the shell executor to /bin/sh
in the Jenkins global configuration
更改ssh-slave Docker映像的Dockerfile
,以使ENTRYPOINT
不会运行bash
脚本,而是在最后运行/bin/sh
Changing the Dockerfile
of the ssh-slave Docker image in such a way that the ENTRYPOINT
does not run a bash
script, but runs /bin/sh
at the end
感谢您的帮助!
推荐答案
问题是容器中的/home/jenkins
是通过noexec
装载的:
Problem was that /home/jenkins
in the container was mounted with noexec
:
$ mount
/dev/mapper/rhel-var on /home/jenkins type xfs (rw,nosuid,nodev,noexec,relatime,seclabel,attr2,inode64,noquota)
潜在的问题是基础主机上的/var
是通过noexec
挂载的(/var
是所有容器文件所在的位置...):
Underlying issue was that the /var
on the underlying host was mounted with noexec
(/var
is where all the container files reside...):
$ mount
/dev/mapper/rhel-var on /var type xfs (rw,nosuid,nodev,noexec,relatime,seclabel,attr2,inode64,noquota)
因此,解决此问题的方法是通过/var
挂载为可执行文件.
So the solution to this problem was to mount /var
as executeable on the host via
sudo mount -o remount,exec /var
为我们解决了这个问题.
that solved the issue for us.
这篇关于Jenkinsfile:在Docker容器中运行sh步骤时权限被拒绝的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!