Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-47026

User not completely set in docker containers

    Details

    • Similar Issues:

      Description

      When running a build inside a docker container, some commands don't work because they rely on the user being properly set. For example, ssh doesn't work with the following error:

       

      No user exists for uid 150.

       

      I think this could be solved by append to passwd on container startup, something like this (untested, for proof of concept):

      if [ "$(id -u)" != "0" ]; then

          echo "jenkins:x:$(id -u):$(id -g):Jenkins:${HOME}:/sbin/nologin" >> /etc/passwd

      fi

        Attachments

          Issue Links

            Activity

            Hide
            weakcamel Waldek M added a comment -

            I took the liberty to link issue JENKINS-49416 which is also a consequence of how is spinning Docker containers with an arbitrary user / group / entry point script.

            Show
            weakcamel Waldek M added a comment - I took the liberty to link issue JENKINS-49416 which is also a consequence of how is spinning Docker containers with an arbitrary user / group / entry point script.
            Hide
            aliusmiles Taras Bondarchuk added a comment - - edited

            Since I'm building agent from Dockerfile anyway, I've fixed this by:

             

            agent {
               dockerfile {
                  additionalBuildArgs '--build-arg USER_ID=$(id -u) --build-arg GROUP_ID=$(id -g)'
               }
            }
            

            and in Dockerfile:

             

            ARG USER_ID=1000
            ARG GROUP_ID=1000
            RUN groupadd -g $GROUP_ID user && \
                useradd -u $USER_ID -s /bin/sh -g user user
            
            Show
            aliusmiles Taras Bondarchuk added a comment - - edited Since I'm building agent from Dockerfile anyway, I've fixed this by:   agent { dockerfile { additionalBuildArgs '--build-arg USER_ID=$(id -u) --build-arg GROUP_ID=$(id -g)' } } and in Dockerfile:   ARG USER_ID=1000 ARG GROUP_ID=1000 RUN groupadd -g $GROUP_ID user && \ useradd -u $USER_ID -s /bin/sh -g user user
            Hide
            weakcamel Waldek M added a comment - - edited

            Thanks for sharing the workaround, Taras Bondarchuk!

             

            Interestingly, passing such arguments to the prebuilt image with a `docker` closure did not work for me

             

            agent {
                docker {
                  image 'foo'
                  args '--env USER_ID=$(id -u){{ --env GROUP_ID=$(id -g)'
                }   
            }

            The values passed were literally "$(id -u)" (not interpreted.

            I'll give it a go and see.

            Show
            weakcamel Waldek M added a comment - - edited Thanks for sharing the workaround, Taras Bondarchuk !   Interestingly, passing such arguments to the prebuilt image with a `docker` closure did not work for me   agent {     docker {       image 'foo'       args '--env USER_ID=$(id -u){{ --env GROUP_ID=$(id -g)'     }    } The values passed were literally " $(id -u) " (not interpreted. I'll give it a go and see.
            Hide
            weakcamel Waldek M added a comment -

            Just for the record: Dockerfile workaround worked fine. Thank you!

            Show
            weakcamel Waldek M added a comment - Just for the record: Dockerfile workaround worked fine. Thank you!
            Hide
            mslattery Michael Slattery added a comment - - edited

            This workaround worked for me without having to do the Dockerfile workaround.

            environment {
                JAVA_OPTS="-Duser.home=${JENKINS_HOME}"
                MAVEN_OPTS="${JAVA_OPTS}"
                MAVEN_CONFIG="${JENKINS_HOME}/.m2"  // docker/maven specific.
            }
            agent {
                docker {
                    image 'buildtool'
                    args "-e HOME=${JENKINS_HOME}"
                }
            }
            

            I prefer this solution as it universally works with all containers (so far) and we use a few off-the-shelf images that I'd rather not heavily modify.

            I believe most tools will work, including maven, gradle, pip, npm, git, etc.

            Show
            mslattery Michael Slattery added a comment - - edited This workaround worked for me without having to do the Dockerfile workaround. environment { JAVA_OPTS= "-Duser.home=${JENKINS_HOME}" MAVEN_OPTS= "${JAVA_OPTS}" MAVEN_CONFIG= "${JENKINS_HOME}/.m2" // docker/maven specific. } agent { docker { image 'buildtool' args "-e HOME=${JENKINS_HOME}" } } I prefer this solution as it universally works with all containers (so far) and we use a few off-the-shelf images that I'd rather not heavily modify. I believe most tools will work, including maven, gradle, pip, npm, git, etc.

              People

              • Assignee:
                Unassigned
                Reporter:
                edahlseng Eric Dahlseng
              • Votes:
                5 Vote for this issue
                Watchers:
                8 Start watching this issue

                Dates

                • Created:
                  Updated: