Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-58766

kubernetes-plugin access denied after update to 1.18.0

    Details

    • Type: Bug
    • Status: Closed (View Workflow)
    • Priority: Minor
    • Resolution: Fixed
    • Component/s: kubernetes-plugin
    • Labels:
      None
    • Environment:
      Jenkins 2.187,
      kubernetes-plugin 1.18.0
    • Similar Issues:
    • Released As:
      1.18.2

      Description

      After updating to kubernetes-plugin 1.18.0 I got an error when using the old /home/jenkins directory inside of a pod template definition. Using /home/jenkins/agent in the pod templates worked, however. The error was:

      Also:   hudson.remoting.Channel$CallSiteStackTrace: Remote call to JNLP4-connect connection from ............(hidden).............
      		at hudson.remoting.Channel.attachCallSiteStackTrace(Channel.java:1743)
      		at hudson.remoting.UserRequest$ExceptionResponse.retrieve(UserRequest.java:357)
      		at hudson.remoting.Channel.call(Channel.java:957)
      		at hudson.FilePath.act(FilePath.java:1072)
      		at hudson.FilePath.act(FilePath.java:1061)
      		at hudson.FilePath.mkdirs(FilePath.java:1246)
      		at hudson.plugins.git.GitSCM.createClient(GitSCM.java:821)
      		at hudson.plugins.git.GitSCM.checkout(GitSCM.java:1169)
      		at org.jenkinsci.plugins.workflow.steps.scm.SCMStep.checkout(SCMStep.java:124)
      		at org.jenkinsci.plugins.workflow.steps.scm.SCMStep$StepExecutionImpl.run(SCMStep.java:93)
      		at org.jenkinsci.plugins.workflow.steps.scm.SCMStep$StepExecutionImpl.run(SCMStep.java:80)
      		at org.jenkinsci.plugins.workflow.steps.SynchronousNonBlockingStepExecution.lambda$start$0(SynchronousNonBlockingStepExecution.java:47)
      		at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
      		at java.util.concurrent.FutureTask.run(FutureTask.java:266)
      		at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
      		at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
      		at java.lang.Thread.run(Thread.java:745)
      java.nio.file.AccessDeniedException: /home/jenkins/workspace
      	at sun.nio.fs.UnixException.translateToIOException(UnixException.java:84)
      	at sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:102)
      	at sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:107)
      	at sun.nio.fs.UnixFileSystemProvider.createDirectory(UnixFileSystemProvider.java:384)
      	at java.nio.file.Files.createDirectory(Files.java:674)
      	at java.nio.file.Files.createAndCheckIsDirectory(Files.java:781)
      	at java.nio.file.Files.createDirectories(Files.java:767)
      	at hudson.FilePath.mkdirs(FilePath.java:3239)
      	at hudson.FilePath.access$1300(FilePath.java:212)
      	at hudson.FilePath$Mkdirs.invoke(FilePath.java:1254)
      	at hudson.FilePath$Mkdirs.invoke(FilePath.java:1250)
      	at hudson.FilePath$FileCallableWrapper.call(FilePath.java:3052)
      	at hudson.remoting.UserRequest.perform(UserRequest.java:212)
      	at hudson.remoting.UserRequest.perform(UserRequest.java:54)
      	at hudson.remoting.Request$2.run(Request.java:369)
      	at hudson.remoting.InterceptingExecutorService$1.call(InterceptingExecutorService.java:72)
      	at java.util.concurrent.FutureTask.run(FutureTask.java:266)
      	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
      	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
      	at hudson.remoting.Engine$1.lambda$newThread$0(Engine.java:93)
      	at java.lang.Thread.run(Thread.java:748)
      Finished: FAILURE
      

      This might have sth. to do with using the default jnlp container that most likely now uses the new directory `/home/jenkins/agent` ) and custom additional containers still using the old home directory `/home/jenkins`.

      *Steps to reproduce*
      1. create pod template with default jnlp container by not specifying said jnlp container
      2. add an additional container using /home/jenkins as home directory

      *Workaround*
      Use the new default directory /home/jenkins/agent in all containers

      *Related Issues/PR*
      https://issues.jenkins-ci.org/browse/JENKINS-58705
      https://github.com/jenkinsci/kubernetes-plugin/pull/559

        Attachments

          Issue Links

            Activity

            Hide
            vlatombe Vincent Latombe added a comment -

            Steffen Seckler Could you be more explicit by providing an example of pod template definition (either config.xml or snippet of Jenkinsfile) ?

            Show
            vlatombe Vincent Latombe added a comment - Steffen Seckler Could you be more explicit by providing an example of pod template definition (either config.xml or snippet of Jenkinsfile) ?
            Hide
            seckler Steffen Seckler added a comment - - edited

            I have reduced the config a bit to only show one pod template and only two containers.
            URLs have been replaced. (marked with <!-- replaced url -->)
            It contains the already fixed directory marked with <!-- this is the problematic line -->

            <clouds>
                <org.csanchez.jenkins.plugins.kubernetes.KubernetesCloud plugin="kubernetes@1.18.0">
                  <name>kubernetes on openshift pproc</name>
                  <defaultsProviderTemplate></defaultsProviderTemplate>
                  <templates>
                    <org.csanchez.jenkins.plugins.kubernetes.PodTemplate>
                      <inheritFrom></inheritFrom>
                      <name>default-jenkins-openshift-slave</name>
                      <namespace>ls1autopasjenkins</namespace>
                      <privileged>false</privileged>
                      <capOnlyOnAlivePods>false</capOnlyOnAlivePods>
                      <alwaysPullImage>false</alwaysPullImage>
                      <instanceCap>3</instanceCap>
                      <slaveConnectTimeout>3600</slaveConnectTimeout>
                      <idleMinutes>0</idleMinutes>
                      <activeDeadlineSeconds>0</activeDeadlineSeconds>
                      <label>openshift-autoscale</label>
                      <nodeSelector></nodeSelector>
                      <nodeUsageMode>EXCLUSIVE</nodeUsageMode>
                      <customWorkspaceVolumeEnabled>false</customWorkspaceVolumeEnabled>
                      <workspaceVolume class="org.csanchez.jenkins.plugins.kubernetes.volumes.workspace.EmptyDirWorkspaceVolume">
                        <memory>false</memory>
                      </workspaceVolume>
                      <volumes/>
                      <containers>
                        <org.csanchez.jenkins.plugins.kubernetes.ContainerTemplate>
                          <name>ls1-docker</name>
                          <image>docker-registry.default.svc:5000/ls1autopasjenkins/ls1-mardyn-image</image>
                          <privileged>false</privileged>
                          <alwaysPullImage>true</alwaysPullImage>
                          <workingDir>/home/jenkins/agent</workingDir><!-- this is the problematic line -->
                          <command>/bin/sh -c</command>
                          <args>cat</args>
                          <ttyEnabled>true</ttyEnabled>
                          <resourceRequestCpu>20</resourceRequestCpu>
                          <resourceRequestMemory></resourceRequestMemory>
                          <resourceLimitCpu>20</resourceLimitCpu>
                          <resourceLimitMemory></resourceLimitMemory>
                          <envVars/>
                          <ports/>
                          <livenessProbe>
                            <execArgs></execArgs>
                            <timeoutSeconds>0</timeoutSeconds>
                            <initialDelaySeconds>0</initialDelaySeconds>
                            <failureThreshold>0</failureThreshold>
                            <periodSeconds>0</periodSeconds>
                            <successThreshold>0</successThreshold>
                          </livenessProbe>
                        </org.csanchez.jenkins.plugins.kubernetes.ContainerTemplate>
                        <org.csanchez.jenkins.plugins.kubernetes.ContainerTemplate>
                          <name>autopas-gcc7-cmake-make</name>
                          <image>autopas/autopas-build-gcc</image>
                          <privileged>false</privileged>
                          <alwaysPullImage>true</alwaysPullImage>
                          <workingDir>/home/jenkins/agent</workingDir><!-- this is the problematic line -->
                          <command>/bin/sh -c</command>
                          <args>cat</args>
                          <ttyEnabled>true</ttyEnabled>
                          <resourceRequestCpu>0</resourceRequestCpu>
                          <resourceRequestMemory></resourceRequestMemory>
                          <resourceLimitCpu>5</resourceLimitCpu>
                          <resourceLimitMemory></resourceLimitMemory>
                          <envVars/>
                          <ports/>
                          <livenessProbe>
                            <execArgs></execArgs>
                            <timeoutSeconds>0</timeoutSeconds>
                            <initialDelaySeconds>0</initialDelaySeconds>
                            <failureThreshold>0</failureThreshold>
                            <periodSeconds>0</periodSeconds>
                            <successThreshold>0</successThreshold>
                          </livenessProbe>
                        </org.csanchez.jenkins.plugins.kubernetes.ContainerTemplate>
                      </containers>
                      <envVars/>
                      <annotations/>
                      <imagePullSecrets/>
                      <nodeProperties/>
                      <yamls class="empty-list"/>
                      <yamlMergeStrategy class="org.csanchez.jenkins.plugins.kubernetes.pod.yaml.Overrides"/>
                      <showRawYaml>true</showRawYaml>
                      <podRetention class="org.csanchez.jenkins.plugins.kubernetes.pod.retention.Default"/>
                    </org.csanchez.jenkins.plugins.kubernetes.PodTemplate>
                  </templates>
                  <serverUrl>https://SERVERURL:8443</serverUrl><!--replaced url-->
                  <skipTlsVerify>true</skipTlsVerify>
                  <addMasterProxyEnvVars>false</addMasterProxyEnvVars>
                  <capOnlyOnAlivePods>false</capOnlyOnAlivePods>
                  <namespace>ls1autopasjenkins</namespace>
                  <jenkinsUrl>http://JENKINSURL</jenkinsUrl><!--replaced url-->
                  <credentialsId>SECRET</credentialsId><!-- replaced secret name -->
                  <containerCap>5</containerCap>
                  <retentionTimeout>180</retentionTimeout>
                  <connectTimeout>0</connectTimeout>
                  <readTimeout>0</readTimeout>
                  <podLabels/>
                  <usageRestricted>false</usageRestricted>
                  <maxRequestsPerHost>60000</maxRequestsPerHost>
                  <waitForPodSec>1000</waitForPodSec>
                  <podRetention class="org.csanchez.jenkins.plugins.kubernetes.pod.retention.Never"/>
                </org.csanchez.jenkins.plugins.kubernetes.KubernetesCloud>
              </clouds>
            
            Show
            seckler Steffen Seckler added a comment - - edited I have reduced the config a bit to only show one pod template and only two containers. URLs have been replaced. (marked with <!-- replaced url -->) It contains the already fixed directory marked with <!-- this is the problematic line --> <clouds> <org.csanchez.jenkins.plugins.kubernetes.KubernetesCloud plugin= "kubernetes@1.18.0" > <name> kubernetes on openshift pproc </name> <defaultsProviderTemplate> </defaultsProviderTemplate> <templates> <org.csanchez.jenkins.plugins.kubernetes.PodTemplate> <inheritFrom> </inheritFrom> <name> default-jenkins-openshift-slave </name> <namespace> ls1autopasjenkins </namespace> <privileged> false </privileged> <capOnlyOnAlivePods> false </capOnlyOnAlivePods> <alwaysPullImage> false </alwaysPullImage> <instanceCap> 3 </instanceCap> <slaveConnectTimeout> 3600 </slaveConnectTimeout> <idleMinutes> 0 </idleMinutes> <activeDeadlineSeconds> 0 </activeDeadlineSeconds> <label> openshift-autoscale </label> <nodeSelector> </nodeSelector> <nodeUsageMode> EXCLUSIVE </nodeUsageMode> <customWorkspaceVolumeEnabled> false </customWorkspaceVolumeEnabled> <workspaceVolume class= "org.csanchez.jenkins.plugins.kubernetes.volumes.workspace.EmptyDirWorkspaceVolume" > <memory> false </memory> </workspaceVolume> <volumes/> <containers> <org.csanchez.jenkins.plugins.kubernetes.ContainerTemplate> <name> ls1-docker </name> <image> docker-registry.default.svc:5000/ls1autopasjenkins/ls1-mardyn-image </image> <privileged> false </privileged> <alwaysPullImage> true </alwaysPullImage> <workingDir> /home/jenkins/agent </workingDir> <!-- this is the problematic line --> <command> /bin/sh -c </command> <args> cat </args> <ttyEnabled> true </ttyEnabled> <resourceRequestCpu> 20 </resourceRequestCpu> <resourceRequestMemory> </resourceRequestMemory> <resourceLimitCpu> 20 </resourceLimitCpu> <resourceLimitMemory> </resourceLimitMemory> <envVars/> <ports/> <livenessProbe> <execArgs> </execArgs> <timeoutSeconds> 0 </timeoutSeconds> <initialDelaySeconds> 0 </initialDelaySeconds> <failureThreshold> 0 </failureThreshold> <periodSeconds> 0 </periodSeconds> <successThreshold> 0 </successThreshold> </livenessProbe> </org.csanchez.jenkins.plugins.kubernetes.ContainerTemplate> <org.csanchez.jenkins.plugins.kubernetes.ContainerTemplate> <name> autopas-gcc7-cmake-make </name> <image> autopas/autopas-build-gcc </image> <privileged> false </privileged> <alwaysPullImage> true </alwaysPullImage> <workingDir> /home/jenkins/agent </workingDir> <!-- this is the problematic line --> <command> /bin/sh -c </command> <args> cat </args> <ttyEnabled> true </ttyEnabled> <resourceRequestCpu> 0 </resourceRequestCpu> <resourceRequestMemory> </resourceRequestMemory> <resourceLimitCpu> 5 </resourceLimitCpu> <resourceLimitMemory> </resourceLimitMemory> <envVars/> <ports/> <livenessProbe> <execArgs> </execArgs> <timeoutSeconds> 0 </timeoutSeconds> <initialDelaySeconds> 0 </initialDelaySeconds> <failureThreshold> 0 </failureThreshold> <periodSeconds> 0 </periodSeconds> <successThreshold> 0 </successThreshold> </livenessProbe> </org.csanchez.jenkins.plugins.kubernetes.ContainerTemplate> </containers> <envVars/> <annotations/> <imagePullSecrets/> <nodeProperties/> <yamls class= "empty-list" /> <yamlMergeStrategy class= "org.csanchez.jenkins.plugins.kubernetes.pod.yaml.Overrides" /> <showRawYaml> true </showRawYaml> <podRetention class= "org.csanchez.jenkins.plugins.kubernetes.pod.retention.Default" /> </org.csanchez.jenkins.plugins.kubernetes.PodTemplate> </templates> <serverUrl> https://SERVERURL:8443 </serverUrl> <!--replaced url--> <skipTlsVerify> true </skipTlsVerify> <addMasterProxyEnvVars> false </addMasterProxyEnvVars> <capOnlyOnAlivePods> false </capOnlyOnAlivePods> <namespace> ls1autopasjenkins </namespace> <jenkinsUrl> http://JENKINSURL </jenkinsUrl> <!--replaced url--> <credentialsId> SECRET </credentialsId> <!-- replaced secret name --> <containerCap> 5 </containerCap> <retentionTimeout> 180 </retentionTimeout> <connectTimeout> 0 </connectTimeout> <readTimeout> 0 </readTimeout> <podLabels/> <usageRestricted> false </usageRestricted> <maxRequestsPerHost> 60000 </maxRequestsPerHost> <waitForPodSec> 1000 </waitForPodSec> <podRetention class= "org.csanchez.jenkins.plugins.kubernetes.pod.retention.Never" /> </org.csanchez.jenkins.plugins.kubernetes.KubernetesCloud> </clouds>
            Hide
            jonesbusy Valentin Delaye added a comment -

            Thanks for the fix. We had same issue. Upgrading from 1.17.* to 1.18 broke our Jenkins

            Show
            jonesbusy Valentin Delaye added a comment - Thanks for the fix. We had same issue. Upgrading from 1.17.* to 1.18 broke our Jenkins

              People

              • Assignee:
                vlatombe Vincent Latombe
                Reporter:
                seckler Steffen Seckler
              • Votes:
                0 Vote for this issue
                Watchers:
                5 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: