Jenkinsfile:在 Docker 容器中运行 sh 步骤时权限被拒绝 [英] Jenkinsfile: permission denied when running sh step in Docker container
问题描述
我无法运行一个简单的 Jenkinsfile - 例如
管道{代理{标签'ssh-slave'}阶段{阶段(外壳测试"){脚步 {sh '回声你好世界"'}}}}主服务器上 Jenkins 的日志文件显示容器已成功启动,但构建作业崩溃并显示如下消息
sh: 1:/home/jenkins/workspace/pipeline@tmp/durable-34c21b81/script.sh: 权限被拒绝以下是我们配置/发现的一些额外内容:
我们正在使用 RHEL 的 VM 上运行代理
我们正在使用 Docker 插件 来启动 Jenkins/在单独的 Jenkins 代理上管理容器
我们正在使用 Jenkins 插件中的
Connect with ssh方法启动 Docker 容器,并使用 jenkinsci/ssh-slave Docker 镜像Jenkins 在 Docker 容器中使用
root用户(至少/home/jenkins/...中的所有文件都是以 root 身份创建的p>当我们在管道中添加
sleep步骤并将docker exec...到正在运行的容器中时,我们无法以 root 身份执行简单的 shell 脚本,如果我们试图用./script.sh运行它(即使我们之前用chmod +x script.sh设置了正确的文件模式) - 我们也会得到sh: 1: 权限被拒绝.但是我们可以运行脚本,如果我们使用sh script.shDocker 容器内的
root用户有一个bash- 而 Jenkins 正在尝试使用sh运行脚本.无论我们是否检查Docker插件模板配置中的
run privileged标志,都会发生错误
我们已经尝试过但没有成功的方法
将Docker容器中
root用户的登录shell改为/bin/sh在
sh步骤中提供 shebang,就像sh '''#!/bin/sh回声你好世界"'''
在 Jenkins 全局配置中将 shell 执行器设置为
/bin/sh更改 ssh-slave Docker 映像的
Dockerfile,使ENTRYPOINT不运行bash脚本,但在最后运行/bin/sh
感谢任何帮助!
问题是容器中的/home/jenkins被noexec挂载了:
$ mount/home/jenkins 上的/dev/mapper/rhel-var 类型 xfs (rw,nosuid,nodev,noexec,relatime,seclabel,attr2,inode64,noquota)潜在问题是底层主机上的 /var 是使用 noexec 挂载的(/var 是所有容器文件所在的位置...):
$ mount/dev/mapper/rhel-var on/var type xfs (rw,nosuid,nodev,noexec,relatime,seclabel,attr2,inode64,noquota)所以解决这个问题的方法是把 /var 挂载到主机上通过
sudo mount -o remount,exec/var这为我们解决了问题.
I have trouble running a simple Jenkinsfile - e.g.
pipeline {
agent { label 'ssh-slave' }
stages {
stage('Shell Test') {
steps {
sh 'echo "Hello World"'
}
}
}
}
The logfiles of Jenkins on the master show that the container was started successfully but the build job crashes with a message like
sh: 1: /home/jenkins/workspace/pipeline@tmp/durable-34c21b81/script.sh: Permission denied
Here are some additional things that we configured / figured out:
We are running the agent on a VM with RHEL
We are using the Docker Plugin for Jenkins to start / manage the containers on a separate Jenkins agent
We are spinning up the Docker container using the
Connect with sshmethod in the Jenkins plugin and use the jenkinsci/ssh-slave Docker imageJenkins is using the
rootuser in the Docker container (at least all files within/home/jenkins/...are created as rootWhen we add a
sleepstep into the pipeline anddocker exec...into the running container, we cannot execute a simple shell script as root, if we are trying to run it with./script.sh(even if we set proper file mode withchmod +x script.shbefore) - we also getsh: 1: permission denied. But we can run the script, if we usesh script.shThe
rootuser inside the Docker container has abash- whereas Jenkins is trying to run the script withsh.The error occurs no matter whether we check the
run privilegedflag in the Docker plugin's template configuration or not
Things we already tried, but didn't work
Changing the login shell of the
rootuser in the Docker container to/bin/shProviding a shebang in the
shstep, à lash '''#!/bin/sh echo "hello world" '''
Setting the shell executor to
/bin/shin the Jenkins global configurationChanging the
Dockerfileof the ssh-slave Docker image in such a way that theENTRYPOINTdoes not run abashscript, but runs/bin/shat the end
Any help is appreciated!
Problem was that /home/jenkins in the container was mounted with noexec:
$ mount
/dev/mapper/rhel-var on /home/jenkins type xfs (rw,nosuid,nodev,noexec,relatime,seclabel,attr2,inode64,noquota)
Underlying issue was that the /var on the underlying host was mounted with noexec (/var is where all the container files reside...):
$ mount
/dev/mapper/rhel-var on /var type xfs (rw,nosuid,nodev,noexec,relatime,seclabel,attr2,inode64,noquota)
So the solution to this problem was to mount /var as executeable on the host via
sudo mount -o remount,exec /var
that solved the issue for us.
这篇关于Jenkinsfile:在 Docker 容器中运行 sh 步骤时权限被拒绝的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
