  1. Jenkins
  2. JENKINS-47026

User not completely set in docker containers

      Description

      When running a build inside a docker container, some commands don't work because they rely on the user being properly set. For example, ssh doesn't work with the following error:

       

      No user exists for uid 150.

       

      I think this could be solved by appending to passwd on container startup, something like this (untested, for proof of concept):

      if [ "$(id -u)" != "0" ]; then
          echo "jenkins:x:$(id -u):$(id -g):Jenkins:${HOME}:/sbin/nologin" >> /etc/passwd
      fi

            Activity

            mslattery Michael Slattery added a comment - - edited

            This workaround worked for me without having to do the Dockerfile workaround.

            environment {
                JAVA_OPTS="-Duser.home=${JENKINS_HOME}"
                MAVEN_OPTS="${JAVA_OPTS}"
                MAVEN_CONFIG="${JENKINS_HOME}/.m2"  // docker/maven specific.
            }
            agent {
                docker {
                    image 'buildtool'
                    args "-e HOME=${JENKINS_HOME}"
                }
            }
            

            I prefer this solution as it universally works with all containers (so far) and we use a few off-the-shelf images that I'd rather not heavily modify.

            I believe most tools will work, including maven, gradle, pip, npm, git, etc.

            dsorensen Daniel Sorensen added a comment -

            One way you can solve this is by mounting the /etc/passwd file from the Docker host into the container within the docker block in the Jenkins Pipeline configuration.

            args '-v /etc/passwd:/etc/passwd:ro'
            weakcamel Waldek M added a comment -

            Depends on your setup; it won't work if you're using LDAP or any other external authentication service.

            stuck_tech a b added a comment -

            Michael Slattery If I'm understanding your suggestion correctly I believe this just sets the home / working dir for the particular tool to the mapped Jenkins workspace?

            If so that might work on a tool by tool basis in some cases but I don't believe this would solve the root issue for programs like SSH which rely on proper entries in /etc/passwd at a minimum.

            stuck_tech a b added a comment -

            We are running from a pre-built image right now for various reasons and ended up doing the groupadd / useradd method but have had to hard-code the details in our base Dockerfiles / layers before build. Very unfortunate workaround. Hopefully this gets fixed at some point.
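
            Added example (not part of the issue or of any commenter's post, and not Jenkins project code): a guarded form of the append-to-passwd idea from the description. It adds the entry only when the uid has none, and rejects field values that would inject extra passwd fields or lines. The function names and return codes are hypothetical, and it assumes the image has made the target file writable for the run-as uid.

```shell
#!/bin/sh
# Added example: guarded variant of the append-to-passwd idea in the issue.
# The passwd file is a parameter so the logic can be exercised on a copy.

# uid_has_entry FILE UID -> exit 0 if a line in FILE carries UID in field 3
uid_has_entry() {
    awk -F: -v uid="$2" '$3 == uid { found = 1 } END { exit !found }' "$1"
}

# ensure_passwd_entry FILE UID GID HOME [NAME]
# returns 0 = entry present or added, 1 = input rejected, 2 = FILE not writable
ensure_passwd_entry() {
    file=$1 uid=$2 gid=$3 home=$4 name=${5:-jenkins}
    # Ids must be plain decimal numbers, the name a simple account name.
    case $uid in ''|*[!0-9]*) return 1 ;; esac
    case $gid in ''|*[!0-9]*) return 1 ;; esac
    case $name in ''|*[!a-z0-9_-]*) return 1 ;; esac
    # HOME must be absolute; ':' or a newline in it would add fields or lines.
    case $home in /*) ;; *) return 1 ;; esac
    case $home in *:*|*'
'*) return 1 ;; esac
    # Idempotent: a restarted container must not append a duplicate entry.
    uid_has_entry "$file" "$uid" && return 0
    [ -w "$file" ] || return 2
    printf '%s:x:%s:%s:Jenkins:%s:/sbin/nologin\n' \
        "$name" "$uid" "$gid" "$home" >> "$file"
}

# In an entrypoint the call would be (assumed usage):
#   ensure_passwd_entry /etc/passwd "$(id -u)" "$(id -g)" "$HOME"
# Constructed demo on a scratch file, not the real /etc/passwd:
demo=$(mktemp)
printf 'root:x:0:0:root:/root:/bin/sh\n' > "$demo"
ensure_passwd_entry "$demo" 150 150 /var/jenkins_home && tail -n 1 "$demo"
rm -f "$demo"
```

            Return code 2 is the case where the image never made /etc/passwd writable for the build uid, which is what happens with unmodified off-the-shelf images.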


              People

              • Assignee:
                Unassigned
                Reporter:
                edahlseng Eric Dahlseng
              • Votes:
                5
                Watchers:
                10
