Problem letting Jenkins install Groovy on nodes - jenkins

I'm trying to set up Groovy in Jenkins so that it is automatically installed on an agent when performing jobs on it.
This is my global configuration:
This is my groovy build-step:
When I run the job, I get this error:
The user testrpm does have sudo rights. Where is the problem?

I wouldn't install Groovy on agent nodes. You should just use the Groovy wrapper, which will download Groovy and run it without needing to install anything into directories Jenkins doesn't have permissions for.
Short of that I would NOT grant sudo rights to testrpm either. That's going to be bad mojo. Instead you can add testrpm to a group that allows write access to /opt or /opt/groovy-4.0.0. You are unzipping something into a nested directory, so you'll have to grant access to /opt to write to that directory, which could be dangerous if you have other things in that directory. You may nest it in a subdirectory to isolate it from other things. If you do these steps on the machine using a user with sudo rights (not in your build script) then it should work:
sudo mkdir /opt/jenkins
sudo chgrp jenkins /opt/jenkins
sudo usermod -a -G jenkins testrpm
sudo chmod 770 /opt/jenkins
Another option would be to pick a directory testrpm already has write access to, without needing to grant permissions to it.

Related

Why is this Todo app build failing in Jenkins when deploying on AWS Linux using Docker file in WSL2?

So I was trying to deploy a simple CD pipeline using docker by ssh’ing into my AWS Linux EC2 instance in the WSL2 terminal. The job is failing every time returning the following error:
Started by user Navdeep Singh
Running as SYSTEM
Building on the built-in node in workspace /var/lib/jenkins/workspace/todo-dev
[todo-dev] $ /bin/sh -xe /tmp/jenkins6737039323529850559.sh
+ cd /home/ubuntu/project/django-todo
/tmp/jenkins6737039323529850559.sh: 2: cd: can’t cd to /home/ubuntu/project/django-todo
Build step ‘Execute shell’ marked build as failure
Finished: FAILURE
DockerFile contents:
FROM python:3
RUN pip install django==3.2
COPY . .
RUN python manage.py migrate
CMD ["python","manage.py","runserver","0.0.0.0:8000"]
Everything goes fine. This error cd: can’t cd to /home/ubuntu/project/django-todo Build step ‘Execute shell’ marked build as failure Finished: FAILURE is not an actual.
Your agent Node is not online.
To fix the problem, find commands on your jenkins web page after an agent setup. You need to run those commands from your terminal. See the screenshot for more details.
Make sure that your jenkins public IP and node agent public IP are the same. If an error occurs, you need to run some commands on the terminal. This is not a real error.
For this issue, follow these steps that I give you.
For Agent --->
Change the IP here (44.203.138.174:8080) to your EC2 IP.
1. curl -sO http://44.203.138.174:8080/jnlpJars/agent.jar
2. java -jar agent.jar -jnlpUrl http://44.203.138.174:8080/manage/computer/todo%2Dagent/jenkins-agent.jnlp -secret beb62de0f81bfd06e4cd81d1b896d85d38f82b87b21ef8baef3389e651c9f72c -workDir "/home/ubuntu"
For Job --->
sudo vi /etc/sudoers
Then add this command below root access in the sudoers file:
jenkins ALL=(ALL) NOPASSWD: ALL
3. Then go to the ubuntu directory using cd .. and run these commands:
grep ^ubuntu /etc/group
id jenkins
sudo adduser jenkins ubuntu
grep ^ubuntu /etc/group
4. Restart Jenkins and log in again:
sudo systemctl stop jenkins
Then you are good to go.
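The sudoers line in the answer above lets the jenkins account run any command as root without a password, so every build step has root available. As an added example (not part of the original answer), this shell function flags such blanket NOPASSWD entries in a sudoers-format file; the function name, the sample file, the deploy account and its scoped rule are constructed for illustration.

```shell
# Added example, not from the original answer.
# Print "account<TAB>rule" for each sudoers entry that allows every command
# without a password. Handles single-line user specs only; aliases, line
# continuations and included files are out of scope.
find_blanket_nopasswd() {
  awk '
    /^[ \t]*(#|$)/    { next }            # comments, includes, blank lines
    /^[ \t]*Defaults/ { next }            # option settings, not grants
    {
      eq = index($0, "=")                 # "who host = (runas) tags: commands"
      if (eq == 0) next
      spec = substr($0, eq + 1)
      gsub(/[ \t]+/, "", spec)            # "(ALL) NOPASSWD: ALL" -> "(ALL)NOPASSWD:ALL"
      sub(/^\([^)]*\)/, "", spec)         # drop the (runas) part
      if (spec == "NOPASSWD:ALL") print $1 "\t" $0
    }
  ' "$1"
}

# Constructed sample: the blanket rule from the answer next to a scoped rule
# that allows one fixed command (account and unit name are hypothetical).
sample=$(mktemp)
cat > "$sample" <<'EOF'
root    ALL=(ALL:ALL) ALL
jenkins ALL=(ALL) NOPASSWD: ALL
deploy  ALL=(root) NOPASSWD: /usr/bin/systemctl restart todo-app
EOF
find_blanket_nopasswd "$sample"           # only the jenkins line is reported
rm -f "$sample"
```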

Starting ssh service through ENTRYPOINT not working

I'm having a lot of difficulties running a Linux container with SSH service on it. To skip the details, SSH is not optional, I must have it.
I installed the openssh-server with:
RUN \
  echo "**** Setting up openssh-server ****" && \
  apt-get install -y openssh-server && \
  sed -i "s|# PasswordAuthentication yes|PasswordAuthentication yes|g" /etc/ssh/sshd_config && \
  mkdir /var/run/sshd
And am trying to open the service with:
ENTRYPOINT service ssh restart && bash
However it does not work. I tried in multiple ways to get it started, by using CMD, by making a script that would start the service, and it's not working. What's worse is that this seems to have worked for others (pull access denied repository does not exist or may require docker login).
The image that I am using as base is ubuntu:18.04. However I switched to jre/systemd-ubuntu:18.04 as I thought the lack of systemd could prevent the service from running; however, that did not work either. Any suggestions what the possible issue could be?
I managed to get my service to run. As a first piece of advice, I recommend making sure that the service runs by itself before putting it together with other services. In my case it seems the ssh service was not being started because a previous non-returning service was started, which would keep the shell occupied and would not let it continue its ENTRYPOINT execution to start the SSH.
One other thing that I had done previously and could have been part of the solution is that I manually created the folder /var/run/sshd. It seems some ssh service versions need that to exist, otherwise they won't run. At this point I can't verify though if that was the only issue, as I've tried multiple solutions at once.

Jenkins cannot read /home/hudson/.ssh/id_rsa

I installed Jenkins this way: https://linuxize.com/post/how-to-install-jenkins-on-debian-9/
Basically sudo apt install jenkins while logged in as root.
I then created a hudson user and used ssh-keygen to generate a pair of keys.
I then tried to use the public key in the gerrit-trigger plugin (https://plugins.jenkins.io/gerrit-trigger/).
However it tells me /home/hudson/.ssh/id_rsa does not exist.
I'm guessing it's a permission issue. When I use apt install jenkins is there a way to specify in user hudson?
Thanks.
It seems you created the ssh keys using the root user. You need to create the ssh keys while logged in as the hudson user, or you can change the path to /root/.ssh/id_rsa.
If you want to use the hudson user's path, log in as the hudson user first:
sudo su - hudson
Then create ssh key pair:
ssh-keygen
Then you can confirm the files using the list command:
ls -a /home/hudson/
If you see the id_rsa file there, then you can put its address /home/hudson/id_rsa
It seems this is a permission-related issue. Please change the permissions of all files in the .ssh folder in /var/lib/jenkins to jenkins.
chown jenkins:jenkins /var/lib/jenkins/.ssh && chown jenkins:jenkins /var/lib/jenkins/.ssh/*
chmod 700 /var/lib/jenkins/.ssh && chmod 600 /var/lib/jenkins/.ssh/*
Also make a similar configuration for the hudson user's ssh key:
su - hudson
chmod 700 ~/.ssh && chmod 600 ~/.ssh/*
The Jenkins installation created a jenkins user in Debian.
I had to do su - jenkins and then create an ssh key pair for it with ssh-keygen.
Then the Jenkins UI is able to read this one, located in /var/lib/jenkins/.ssh/id_rsa
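As an added example (not part of any of the answers above), the shell function below checks an .ssh directory against the fix described: everything owned by the account that runs Jenkins, with no group or other permission bits (700 on the directory, 600 on the files). The function name and the temporary sample directory are constructed for illustration, and stat -c assumes GNU coreutils as on Debian.

```shell
# Added example, not from the original answers.
# Report entries in an .ssh directory that are not owned by the expected
# numeric UID or that grant any access to group/others.
# Usage: audit_ssh_dir DIR UID ; prints one finding per line, returns 1 if any.
audit_ssh_dir() {
  ssh_dir=$1 want_uid=$2 bad=0
  [ -d "$ssh_dir" ] || { echo "MISSING $ssh_dir"; return 1; }
  for path in "$ssh_dir" "$ssh_dir"/*; do
    [ -e "$path" ] || continue            # empty directory: glob did not match
    uid=$(stat -c %u "$path")             # numeric owner
    mode=$(stat -c %a "$path")            # octal mode, e.g. 600
    if [ "$uid" != "$want_uid" ]; then
      echo "OWNER uid=$uid $path"; bad=1  # key created under another account
    fi
    case $mode in
      [0-7]00) ;;                         # 700, 600, 400: owner-only access
      *) echo "MODE $mode $path"; bad=1 ;;
    esac
  done
  return "$bad"
}

# Constructed demo: an empty placeholder key file with loose modes, then the
# same tree after the chmod commands from the answer.
demo=$(mktemp -d)
mkdir "$demo/.ssh"; : > "$demo/.ssh/id_rsa"
chmod 755 "$demo/.ssh"; chmod 644 "$demo/.ssh/id_rsa"
audit_ssh_dir "$demo/.ssh" "$(id -u)" || echo "findings above need fixing"
chmod 700 "$demo/.ssh"; chmod 600 "$demo/.ssh/id_rsa"
audit_ssh_dir "$demo/.ssh" "$(id -u)" && echo "clean"
rm -rf "$demo"
```

On the Jenkins host the call would be audit_ssh_dir /var/lib/jenkins/.ssh "$(id -u jenkins)".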

How to install JIRA-SERVER on OPEN-SHIFT (docker-image)

I'm trying to install jira-server via docker-image on OpenShift.
I pulled the image from docker-desktop for Windows. Added a simple Dockerfile that includes USER ROOT etc.
When trying to deploy the pod, I get an error and the pod enters a loop.
The error is: Permission Error in different locations.
Tried many times to relocate the jira-home directory but without success.
(Trying to install on closed network)
Thanks for helping!
Short Answer
The official Atlassian images are incompatible with Kubernetes derivatives, e.g. OpenShift, as they violate some key concepts.
In OpenShift, for example, containers are running with arbitrary user ids, which means a nameless user is executing the processes in the container.
This is a safety mechanism that prevents containers from running as root and limits the risk of escaping the container and gaining privileges on the cluster host.
Solution
You do need to rebuild the image from scratch.
Furthermore, the behaviour of the startup Python script trying to modify file system permissions needs to be removed.
Clone official Repo
https://bitbucket.org/atlassian-docker/docker-atlassian-jira/src/master/
Modify the Dockerfile and add to the UserGroup creation Step:
RUN groupadd --gid ${RUN_GID} ${RUN_GROUP} \
...
&& chown -R ${RUN_USER}:${RUN_GROUP} ${JIRA_HOME} \
# make the image compatible to run as an arbitrary uid
&& chgrp -R 0 /etc/container_id \
&& chmod -R g=u /etc/container_id \
&& chmod -R 460 /etc/container_id \
&& chgrp -R 0 ${JIRA_INSTALL_DIR} \
&& chmod -R g=u ${JIRA_INSTALL_DIR} \
&& chgrp -R 0 ${JIRA_HOME} \
&& chmod -R g=u ${JIRA_HOME}
Modify the gen_cfg function from entrypoint_helpers.py and remove the else clause at the end.
The necessary permissions have already been set in step 2.
def gen_cfg(tmpl, target, user='root', group='root', mode=0o644, overwrite=True):
    if not overwrite and os.path.exists(target):
        logging.info(f"{target} exists; skipping.")
        return

    logging.info(f"Generating {target} from template {tmpl}")
    cfg = jenv.get_template(tmpl).render(env)
    try:
        with open(target, 'w') as fd:
            fd.write(cfg)
    except (OSError, PermissionError):
        logging.warning(f"Container not started as root. Bootstrapping skipped for '{target}'")
    # else:
    #     set_perms(target, user, group, mode)
Rebuild the image using the --build-arg JIRA_VERSION= --build-arg ARTEFACT_NAME
Run and Enjoy
Detail inspection
Firing up the Atlassian images, user root is the first to enter, doing modifications (chown...) and later dropping down to user "jira".
All these operations are not possible in OpenShift.
In most cases, building a new Dockerfile starting from the official image and modifying permissions of the needed files and folders before deploying to a cluster is the solution,
but to make things worse, Atlassian chose to "mount" the necessary directories as VOLUME.
They have even referenced the issue in their comments.
VOLUME ["${JIRA_HOME}"] # Must be declared after setting perms
After the volume mount, the permissions can only be modified persistently at runtime.
This forces them to rebuild and set permissions after container startup, using a python function in the entrypoint_helpers.py.
This is also the place where the container fails with several "permission denied"s.
Would be glad to issue a pull request on this, but unfortunately they are hosted on Bitbucket.
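As an added example (not from the original answer or the Atlassian repository), the shell function below checks what the chgrp -R 0 and chmod -R g=u steps above are meant to guarantee: every path belongs to the root group and gives that group the same permissions as the owner, so a process started with an arbitrary UID and GID 0 can use it. The function name and the temporary sample tree are assumptions made for illustration, and -printf requires GNU find.

```shell
# Added example, not from the original answer.
# List paths under DIR that a process with an arbitrary UID in group GID could
# not use the way the owner can: wrong group, or group bits unlike owner bits.
# Usage: not_arbitrary_uid_ready DIR [GID]   (GID defaults to 0, the root group)
not_arbitrary_uid_ready() {
  # GNU find: %m octal mode, %G numeric group id, %p path
  find "$1" -printf '%m %G %p\n' | awk -v gid="${2:-0}" '
    {
      mode = sprintf("%03d", $1)            # pad e.g. "40" to "040"
      n = length(mode)
      u = substr(mode, n - 2, 1)            # owner digit
      g = substr(mode, n - 1, 1)            # group digit
      path = $0; sub(/^[0-9]+ [0-9]+ /, "", path)
      if ($2 != gid)   print "GROUP " $2 " " path
      else if (u != g) print "MODE " mode " " path
    }'
}

# Constructed demo tree. chgrp 0 needs root, so the current primary group
# stands in for GID 0 here; inside the image build the second argument is 0.
tree=$(mktemp -d)
mkdir "$tree/jira-home"; : > "$tree/jira-home/dbconfig.xml"
chmod 750 "$tree" "$tree/jira-home"; chmod 640 "$tree/jira-home/dbconfig.xml"
not_arbitrary_uid_ready "$tree" "$(id -g)"  # each entry is reported as MODE
chmod -R g=u "$tree"
not_arbitrary_uid_ready "$tree" "$(id -g)"  # no output once g=u is applied
rm -rf "$tree"
```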

How to switch to root in Jenkins docker container?

I have set up a Jenkins server inside a docker container. The image I am using is docker pull jenkins. After that I connect to the container by docker exec -it b74d035352ec bash. The default user is jenkins but I can't switch to root and got the errors below:
jenkins#b74d035352ec:/$ su -
su: must be run from a terminal
I got the error below when running sudo:
$ sudo ls
We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:
#1) Respect the privacy of others.
#2) Think before you type.
#3) With great power comes great responsibility.
sudo: no tty present and no askpass program specified
Does anyone know how to solve the issue? I do need root permission on that container. Or should I install anything? I can build a new image from this image if needed.
You can only do that during build time, as described in the documentation.
FROM jenkins
# if we want to install via apt
USER root
RUN apt-get update && apt-get install -y ruby make more-thing-here
# drop back to the regular jenkins user - good practice
USER jenkins
So you have to build your own image to execute tasks as root user.
You can simply log in to the root account of the running jenkins container with
docker exec -u 0 -it <container_id/container_name> /bin/bash
After logging in as root, you can switch to the jenkins account using su - jenkins if needed.
