sh steps hang in a dockerfile agent run with rootless podman



I am trying to use a dockerfile agent with (rootless) Podman (yum install podman-docker), but sh steps that are supposed to run commands in the container hang.

FROM registry.access.redhat.com/ubi8/python-36:1-164
COPY requirements.txt .
RUN pip install -r requirements.txt

pipeline {
    agent {
        dockerfile true
    }
    stages {
        stage "stage", {
            steps {
                sh "echo hello"
            }
        }
    }
}

Jenkins then reports (after hanging for a longer time) "process apparently never started":

[Pipeline] { (Generate CryptoStore dist zip)
[Pipeline] sh
process apparently never started in /var/lib/jenkins/workspace/--%<--@tmp/durable-5572a21e
(running Jenkins temporarily with -Dorg.jenkinsci.plugins.durabletask.BourneShellScript.LAUNCH_DIAGNOSTICS=true might make the problem clearer)
[Pipeline] }

With LAUNCH_DIAGNOSTICS set, it reports:

sh: /var/lib/jenkins/workspace/--%<--@2@tmp/durable-baac9648/jenkins-log.txt: Permission denied
sh: /var/lib/jenkins/workspace/--%<--@2@tmp/durable-baac9648/jenkins-result.txt.tmp: Permission denied
touch: cannot touch '/var/lib/jenkins/workspace/--%<--@2@tmp/durable-baac9648/jenkins-log.txt': Permission denied
mv: cannot stat '/var/lib/jenkins/workspace/--%<--@2@tmp/durable-baac9648/jenkins-result.txt.tmp': No such file or directory
touch: cannot touch '/var/lib/jenkins/workspace/--%<--@2@tmp/durable-baac9648/jenkins-log.txt': Permission denied
[...]

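I see that Jenkins starts the container with a -u option corresponding to the user that the agent launching the container runs as, but podman mounts the volume as root.

How can I fix or work around this? The plugin does not seem to have an option to override the user, and adding a custom -u option to args does not seem to help: the docker run that Jenkins shows then just contains two -u options, but the first one (the Jenkins one) seems to be used…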

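Looking at how to change the user of the volume mount, I found the following troubleshooting information: Passed-in devices or files can't be accessed in rootless container (UID/GID mapping problem)

It describes some workarounds, but also contains this hint:

Side note: using --userns=keep-id can sometimes also be an alternative solution, but it forces the regular user's host UID to be mapped to the same UID inside the container, so it provides less flexibility than using --uidmap and --gidmap.

Since Jenkins stole our flexibility, I added args "--userns=keep-id" to my dockerfile options, and now it works fine. :)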

pipeline {
    agent {
        dockerfile {
            filename 'Containerfile'

            // Jenkins sets the user in the container to the same one running it.
            // Using (rootless) podman as docker, this breaks the -v volume mounts because the user in the container is mapped to a different one on the host.
            // This option disables that mapping, so the uid inside and outside match again.
            args "--userns=keep-id"
        }
    }
    stages {
        stage "Generate CryptoStore dist zip", {
            steps {
                sh "echo hello"
            }
        }
    }
}
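
An added example (not part of the original post, and not Jenkins or podman code) that models the UID mapping behind the "Permission denied" lines above, with and without --userns=keep-id. The uid_map tables are constructed for a hypothetical agent user with host UID 1000 and a subuid range of 100000:65536, and the write check assumes the workspace is writable only by its owner.

```python
# Constructed sample data: hypothetical jenkins agent user with host UID 1000
# and an /etc/subuid range of 100000:65536. Columns follow /proc/<pid>/uid_map:
# <first container UID> <first host UID> <length>
DEFAULT_ROOTLESS = """\
0 1000 1
1 100000 65536
"""
KEEP_ID = """\
0 100000 1000
1000 1000 1
1001 101000 64536
"""

def parse_uid_map(text):
    """Return a list of (container_start, host_start, length) tuples."""
    entries = []
    for line in text.splitlines():
        if line.strip():
            inside, outside, length = (int(f) for f in line.split())
            entries.append((inside, outside, length))
    return entries

def to_host(container_uid, entries):
    """Host UID that a container UID runs as, or None if unmapped."""
    for inside, outside, length in entries:
        if inside <= container_uid < inside + length:
            return outside + (container_uid - inside)
    return None

def to_container(host_uid, entries):
    """UID under which a host-owned file shows up inside the container."""
    for inside, outside, length in entries:
        if outside <= host_uid < outside + length:
            return inside + (host_uid - outside)
    return None  # unmapped owners appear as the overflow UID (nobody)

def explain(jenkins_uid, map_text):
    """Model `-u <jenkins_uid>` with a workspace owned by jenkins_uid on the host."""
    entries = parse_uid_map(map_text)
    runs_as = to_host(jenkins_uid, entries)
    return {
        "process_host_uid": runs_as,
        "workspace_owner_in_container": to_container(jenkins_uid, entries),
        "can_write_workspace": runs_as == jenkins_uid,
    }

if __name__ == "__main__":
    for name, text in (("default", DEFAULT_ROOTLESS), ("keep-id", KEEP_ID)):
        print(name, explain(1000, text))
```

On a real agent the same table can be read with `podman unshare cat /proc/self/uid_map`.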
