Reputation: 1181
I'm building my Jenkins pipeline inside of a docker container using docker agent in order to isolate unit tests. Jenkins needs to run as root to allow it to use the top level docker socket. I pass the Jenkins Slave's docker socket in with -v and run as root with -u.
The issue arises when the build is done. Jenkins is unable to clean up the workspace with deleteDirs() in the post step because it is all owned by root after the run.
Running the docker agent as root changes the workspace permissions so Jenkins can no longer run the next run, or delete the workspace at the end. After one run, if I don't manually go delete the workspace from the slave node it's running on, it will just fail because on the second run through it's now unable to change any files. Thus, I can't clean anything up, and Jenkins loses access to it. Also, the docker socket I'm passing in doesn't use the user groups of the Jenkins slave node because ubuntu user has access to run docker, however even after adding it to the docker group inside the docker image my agent is running from it still gives me permission issues when I don't specifically run the docker agent as root.
This fails because the ubuntu user of the docker image neb-base doesn't have access to the docker socket.
agent {
    docker {
        image 'neb-base:1.0.10'
        args '-u ubuntu -v /var/run/docker.sock:/var/run/docker.sock' //-u root
    }
}
When I run it as root:
agent {
    docker {
        image 'neb-base:1.0.10'
        args '-u root -v /var/run/docker.sock:/var/run/docker.sock' //-u root
    }
}
This will fail because the Jenkins node can't clean up the workspace at the end, and on the next run it will have no access to the files because the ownership would've changed.
Any ideas on how to resolve this conflict?
Upvotes: 1
Views: 1435
Reputation: 1224
I would be interested to know more about your pipeline. However, below is how I would use docker. Use the CloudBees Docker plugin and you need not mount the socket manually. Mounting of the workspace is also taken care of by the plugin. All you need to ensure is that the jenkins user on the host is either the same as in the container, or that the container has a root user.
// config.dockerImage and dockerOptions are defined elsewhere in the pipeline
def image = docker.image(config.dockerImage)
image.pull()
image.inside(dockerOptions) {
    sh "mvn -v"
    // my other logic
}
Upvotes: 0
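The conflict in the question comes down to numeric IDs: the socket is guarded by the GID that owns it on the host, and workspace files take the UID of whoever runs in the container. As an added example (not part of either post), this shell sketch builds container arguments that keep the Jenkins user's UID and add the socket's GID as a supplementary group instead of using `-u root`; the function names are hypothetical and GNU `stat` on a Linux agent is assumed.

```shell
#!/bin/sh
# Added example: function names are hypothetical; assumes GNU stat (Linux).

# Numeric group that owns the socket on the host. Group *names* inside the
# image do not matter; only the numeric GID on the socket is checked.
socket_gid() {
    stat -c '%g' "$1"
}

# Build docker arguments that run as the calling (Jenkins) user, so files
# written to the workspace keep that user's ownership, and that add the
# socket's GID as a supplementary group so the socket is usable without root.
docker_agent_args() {
    sock="${1:-/var/run/docker.sock}"
    gid="$(socket_gid "$sock")" || return 1
    printf -- '-u %s:%s --group-add %s -v %s:%s\n' \
        "$(id -u)" "$(id -g)" "$gid" "$sock" "$sock"
}

# List workspace entries not owned by the current user: the files that a
# workspace cleanup step cannot remove after a run as root.
foreign_owned() {
    find "$1" ! -user "$(id -u)" -print
}

# Print the arguments only when a real socket is present on this machine.
if [ -S /var/run/docker.sock ]; then
    docker_agent_args /var/run/docker.sock
fi
```

The printed string has the shape of the `args` value in the question with `-u root` replaced; the GID has to be read on the node that owns the socket. Access to the docker socket stays root-equivalent on that host whichever user the container runs as.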