Jenkinsfile:在 Docker 容器中运行 sh 步骤时权限被拒绝 [英] Jenkinsfile: permission denied when running sh step in Docker container
问题描述
我无法运行一个简单的 Jenkinsfile
- 例如
管道{代理{标签'ssh-slave'}阶段{阶段(外壳测试"){脚步 {sh '回声你好世界"'}}}}
主服务器上 Jenkins 的日志文件显示容器已成功启动,但构建作业崩溃并显示如下消息
sh: 1:/home/jenkins/workspace/pipeline@tmp/durable-34c21b81/script.sh: 权限被拒绝
以下是我们配置/发现的一些额外内容:
我们正在使用 RHEL 的 VM 上运行代理
我们正在使用 Docker 插件 来启动 Jenkins/在单独的 Jenkins 代理上管理容器
我们正在使用 Jenkins 插件中的
Connect with ssh
方法启动 Docker 容器,并使用 jenkinsci/ssh-slave Docker 镜像Jenkins 在 Docker 容器中使用
root
用户(至少/home/jenkins/...
中的所有文件都是以 root 身份创建的p>当我们在管道中添加
sleep
步骤并将docker exec...
到正在运行的容器中时,我们无法以 root 身份执行简单的 shell 脚本,如果我们试图用./script.sh
运行它(即使我们之前用chmod +x script.sh
设置了正确的文件模式) - 我们也会得到sh: 1: 权限被拒绝
.但是我们可以运行脚本,如果我们使用sh script.sh
Docker 容器内的
root
用户有一个bash
- 而 Jenkins 正在尝试使用sh
运行脚本.无论我们是否检查Docker插件模板配置中的
run privileged
标志,都会发生错误
我们已经尝试过但没有成功的方法
将Docker容器中
root
用户的登录shell改为/bin/sh
在
sh
步骤中提供 shebang,就像sh '''#!/bin/sh回声你好世界"'''
在 Jenkins 全局配置中将 shell 执行器设置为
/bin/sh
更改 ssh-slave Docker 映像的
Dockerfile
,使ENTRYPOINT
不运行bash
脚本,但在最后运行/bin/sh
感谢任何帮助!
问题是容器中的/home/jenkins
被noexec
挂载了:
$ mount/home/jenkins 上的/dev/mapper/rhel-var 类型 xfs (rw,nosuid,nodev,noexec,relatime,seclabel,attr2,inode64,noquota)
潜在问题是底层主机上的 /var
是使用 noexec
挂载的(/var
是所有容器文件所在的位置...):
$ mount/dev/mapper/rhel-var on/var type xfs (rw,nosuid,nodev,noexec,relatime,seclabel,attr2,inode64,noquota)
所以解决这个问题的方法是把 /var
挂载到主机上通过
sudo mount -o remount,exec/var
这为我们解决了问题.
I have trouble running a simple Jenkinsfile
- e.g.
pipeline {
agent { label 'ssh-slave' }
stages {
stage('Shell Test') {
steps {
sh 'echo "Hello World"'
}
}
}
}
The logfiles of Jenkins on the master show that the container was started successfully but the build job crashes with a message like
sh: 1: /home/jenkins/workspace/pipeline@tmp/durable-34c21b81/script.sh: Permission denied
Here are some additional things that we configured / figured out:
We are running the agent on a VM with RHEL
We are using the Docker Plugin for Jenkins to start / manage the containers on a separate Jenkins agent
We are spinning up the Docker container using the
Connect with ssh
method in the Jenkins plugin and use the jenkinsci/ssh-slave Docker imageJenkins is using the
root
user in the Docker container (at least all files within/home/jenkins/...
are created as rootWhen we add a
sleep
step into the pipeline anddocker exec...
into the running container, we cannot execute a simple shell script as root, if we are trying to run it with./script.sh
(even if we set proper file mode withchmod +x script.sh
before) - we also getsh: 1: permission denied
. But we can run the script, if we usesh script.sh
The
root
user inside the Docker container has abash
- whereas Jenkins is trying to run the script withsh
.The error occurs no matter whether we check the
run privileged
flag in the Docker plugin's template configuration or not
Things we already tried, but didn't work
Changing the login shell of the
root
user in the Docker container to/bin/sh
Providing a shebang in the
sh
step, à lash '''#!/bin/sh echo "hello world" '''
Setting the shell executor to
/bin/sh
in the Jenkins global configurationChanging the
Dockerfile
of the ssh-slave Docker image in such a way that theENTRYPOINT
does not run abash
script, but runs/bin/sh
at the end
Any help is appreciated!
Problem was that /home/jenkins
in the container was mounted with noexec
:
$ mount
/dev/mapper/rhel-var on /home/jenkins type xfs (rw,nosuid,nodev,noexec,relatime,seclabel,attr2,inode64,noquota)
Underlying issue was that the /var
on the underlying host was mounted with noexec
(/var
is where all the container files reside...):
$ mount
/dev/mapper/rhel-var on /var type xfs (rw,nosuid,nodev,noexec,relatime,seclabel,attr2,inode64,noquota)
So the solution to this problem was to mount /var
as executeable on the host via
sudo mount -o remount,exec /var
that solved the issue for us.
这篇关于Jenkinsfile:在 Docker 容器中运行 sh 步骤时权限被拒绝的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!