docker trust sign not working inside jenkins pipeline - docker

I am trying to sign my images, which are being built in a Jenkins pipeline. I generated a key and added a signer with the following commands after logging in to the Jenkins server manually. I have logged the details about the keys in the logs.
I ran this command inside the /var/jenkins_home folder.
Step 1 (Create a pub and private key)
docker trust key generate jeff // This created jeff.pub on same directory.
Step 2 ( Add a signer)
docker trust signer add --key jeff.pub jeff jchand3/backend-test // This will add signer to image
Step 3
sh "export DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE=password" // To avoid passphrase prompt
After the above steps, if I run this command manually after logging in to the Jenkins server, it works fine. But when I run the same command from the pipeline, I get an error.
docker trust sign jchand3/backend-test:latest
I am running Jenkins in a Docker container:
FROM jenkins/jenkins:lts
USER root
RUN mkdir -p /tmp/download && \
curl -L https://download.docker.com/linux/static/stable/x86_64/docker-18.03.1-ce.tgz | tar -xz -C /tmp/download && \
rm -rf /tmp/download/docker/dockerd && \
mv /tmp/download/docker/docker* /usr/local/bin/ && \
rm -rf /tmp/download && \
groupadd -g 999 docker && \
usermod -aG staff,docker,daemon jenkins
RUN gpasswd -a jenkins staff
#RUN chown jenkins:jenkins /var/run/docker.sock
USER jenkins
Pipeline code
pipeline {
    agent any
    environment {
        imageName = "jchand3/backend-test"
        registryCredential = 'dockerhub'
        dockerImage = ''
    }
    stages {
        stage('Git checkout') {
            steps {
                git branch: 'main', url: 'https://github.com/jitenderchand1/node-app.git'
            }
        }
        stage('Docker build & publish') {
            steps {
                sh "docker build -t $imageName:$BUILD_NUMBER ."
                script {
                    docker.withRegistry('', registryCredential) {
                        sh "docker trust inspect $imageName:$BUILD_NUMBER"
                        sh "ls -l ~/.docker/trust/private"
                        sh "export DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE=password"
                        sh "docker trust sign $imageName:$BUILD_NUMBER"
                    }
                }
            }
        }
    }
}
Started by user jitender chand
[Pipeline] Start of Pipeline
[Pipeline] node
Running on Jenkins in /var/jenkins_home/workspace/declarative-pipeline-backend
[Pipeline] {
[Pipeline] withEnv
[Pipeline] {
[Pipeline] stage
[Pipeline] { (Git checkout)
[Pipeline] git
The recommended git tool is: NONE
No credentials specified
> git rev-parse --resolve-git-dir /var/jenkins_home/workspace/declarative-pipeline-backend/.git # timeout=10
Fetching changes from the remote Git repository
> git config remote.origin.url https://github.com/jitenderchand1/node-app.git # timeout=10
Fetching upstream changes from https://github.com/jitenderchand1/node-app.git
> git --version # timeout=10
> git --version # 'git version 2.30.2'
> git fetch --tags --force --progress -- https://github.com/jitenderchand1/node-app.git +refs/heads/*:refs/remotes/origin/* # timeout=10
> git rev-parse refs/remotes/origin/main^{commit} # timeout=10
Checking out Revision cfe15aaa9e25b6d78b4486cde740fea4e93a3ebd (refs/remotes/origin/main)
> git config core.sparsecheckout # timeout=10
> git checkout -f cfe15aaa9e25b6d78b4486cde740fea4e93a3ebd # timeout=10
> git branch -a -v --no-abbrev # timeout=10
> git branch -D main # timeout=10
> git checkout -b main cfe15aaa9e25b6d78b4486cde740fea4e93a3ebd # timeout=10
Commit message: "Update README.md"
> git rev-list --no-walk cfe15aaa9e25b6d78b4486cde740fea4e93a3ebd # timeout=10
[Pipeline] }
[Pipeline] // stage
[Pipeline] stage
[Pipeline] { (Docker build & publish)
[Pipeline] sh
+ docker build -t jchand3/backend-test:83 .
Sending build context to Docker daemon 84.99kB
Step 1/9 : FROM node
---> 57fb6bbb2edf
Step 2/9 : WORKDIR /app
---> Using cache
---> 84213de7b60d
Step 3/9 : COPY package.json .
---> Using cache
---> 146e6ea31489
Step 4/9 : RUN npm install
---> Using cache
---> 243d25f3e1c6
Step 5/9 : COPY . .
---> Using cache
---> 46c0b5241727
Step 6/9 : EXPOSE 80
---> Using cache
---> 9290ee6aebcc
Step 7/9 : ENV MONGODB_USERNAME=root
---> Using cache
---> 04a667a24acd
Step 8/9 : ENV MONGODB_PASSWORD=secret
---> Using cache
---> 206e15f7f85f
Step 9/9 : CMD ["npm", "start"]
---> Using cache
---> cb2de8b73a2b
Successfully built cb2de8b73a2b
Successfully tagged jchand3/backend-test:83
[Pipeline] script
[Pipeline] {
[Pipeline] withEnv
[Pipeline] {
[Pipeline] withDockerRegistry
Using the existing docker config file.Removing blacklisted property: auths$ docker login -u jchand3 -p ******** https://index.docker.io/v1/
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
Login Succeeded
[Pipeline] {
[Pipeline] sh
+ docker trust inspect jchand3/backend-test:83
[
{
"Name": "jchand3/backend-test:83",
"SignedTags": [],
"Signers": [
{
"Name": "jeff",
"Keys": [
{
"ID": "33ef31f00726af8e2e09ba75e6c56f2395c35813bd6b2f5533683865dfe1f108"
}
]
}
],
"AdminstrativeKeys": [
{
"Name": "Root",
"Keys": [
{
"ID": "a1b34513aaf27d8d6b92e2864833432c562cbcbb4913919d79c70708d4a1802a"
}
]
},
{
"Name": "Repository",
"Keys": [
{
"ID": "98f50403950134193ecbb3585c96dba1bb74332732156ef290211d4940719770"
}
]
}
]
}
]
[Pipeline] sh
+ ls -l /var/jenkins_home/.docker/trust/private
total 12
-rw------- 1 jenkins jenkins 416 Aug 23 07:30 33ef31f00726af8e2e09ba75e6c56f2395c35813bd6b2f5533683865dfe1f108.key
-rw------- 1 jenkins jenkins 455 Aug 23 07:31 98f50403950134193ecbb3585c96dba1bb74332732156ef290211d4940719770.key
-rw------- 1 jenkins jenkins 416 Aug 23 07:31 a470d6ea202282cee7f141628ba3adc071b6125663d2c6ec75b5f0fa80e6d3b9.key
[Pipeline] sh
+ export DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE=password
[Pipeline] sh
+ docker trust sign jchand3/backend-test:83
Signing and pushing trust data for local image jchand3/backend-test:83, may overwrite remote trust data
The push refers to repository [docker.io/jchand3/backend-test]
12782e858bc1: Preparing
105c63a15d50: Preparing
267f7e4e00b8: Preparing
0f43320c4359: Preparing
14d2bb1782b2: Preparing
804ccdfedc4e: Preparing
6645aae7d038: Preparing
82d42de1648b: Preparing
54acb5a6fa0b: Preparing
8d51c618126f: Preparing
9ff6e4d46744: Preparing
a89d1d47b5a1: Preparing
655ed1b7a428: Preparing
804ccdfedc4e: Waiting
6645aae7d038: Waiting
82d42de1648b: Waiting
54acb5a6fa0b: Waiting
8d51c618126f: Waiting
a89d1d47b5a1: Waiting
655ed1b7a428: Waiting
9ff6e4d46744: Waiting
12782e858bc1: Layer already exists
267f7e4e00b8: Layer already exists
0f43320c4359: Layer already exists
14d2bb1782b2: Layer already exists
105c63a15d50: Layer already exists
804ccdfedc4e: Layer already exists
6645aae7d038: Layer already exists
82d42de1648b: Layer already exists
54acb5a6fa0b: Layer already exists
8d51c618126f: Layer already exists
9ff6e4d46744: Layer already exists
a89d1d47b5a1: Layer already exists
655ed1b7a428: Layer already exists
83: digest: sha256:8bac5b293f90c71fcfbceb5ae47d032e2b710150ad26aeec91157b290c796e8b size: 3049
Signing and pushing trust metadata
failed to sign docker.io/jchand3/backend-test:83: no valid signing keys for delegation roles
[Pipeline] }
[Pipeline] // withDockerRegistry
[Pipeline] }
[Pipeline] // withEnv
[Pipeline] }
[Pipeline] // script
[Pipeline] }
[Pipeline] // stage
[Pipeline] }
[Pipeline] // withEnv
[Pipeline] }
[Pipeline] // node
[Pipeline] End of Pipeline
ERROR: script returned exit code 1
Finished: FAILURE
Edit:
I have found that some people reported the same issue and found the root cause. Can someone guide me on how to implement the solution in the pipeline?
https://groups.google.com/g/jenkinsci-users/c/qYFBEd0M4pU
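Each pipeline `sh` step starts its own shell process, so the passphrase exported in one step is no longer set in the following step that runs `docker trust sign`. The script below is an added example, not part of the original post: it reproduces that behaviour with two child shells and adds a preflight check that a signing step can run first. `run_step`, `trust_preflight`, the status words, the temporary directory and the key name `constructedkeyid` are constructed for illustration.

```shell
#!/bin/sh
# Added example: function names, paths and the key ID are constructed.

# Model one pipeline `sh` step: a fresh child shell. It inherits the parent's
# environment but cannot pass variables back to the parent or to later steps.
run_step() {
    sh -c "$1"
}

# The pattern from the question: export in one step, use in the next.
# Prints what the second step sees: "set" or "unset".
passphrase_seen_by_next_step() (
    unset DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE
    run_step 'export DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE=constructed'
    run_step 'if [ -n "${DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE:-}" ]; then echo set; else echo unset; fi'
)

# Export and use inside a single step: the variable is still there.
passphrase_seen_in_same_step() (
    unset DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE
    run_step 'export DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE=constructed
if [ -n "${DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE:-}" ]; then echo set; else echo unset; fi'
)

# trust_preflight KEY_ID [TRUST_DIR]
# Run in the same shell that will call `docker trust sign`.
# Prints one status word and returns non-zero unless it is "ok":
#   missing-key         no readable <KEY_ID>.key in the trust directory
#   key-perms           key file is accessible to group or others
#   missing-passphrase  passphrase variable is empty in this shell
trust_preflight() {
    key_file="${2:-$HOME/.docker/trust/private}/$1.key"
    if [ ! -r "$key_file" ]; then
        echo missing-key
        return 1
    fi
    # Group/other permission bits must be empty, as in the -rw------- listing.
    if [ "$(ls -ld "$key_file" | cut -c5-10)" != "------" ]; then
        echo key-perms
        return 1
    fi
    if [ -z "${DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE:-}" ]; then
        echo missing-passphrase
        return 1
    fi
    echo ok
}

# Demonstration on a constructed trust directory (runs in a subshell so that
# nothing leaks into the caller's environment).
demo() (
    dir=$(mktemp -d) || exit 1
    umask 077
    : > "$dir/constructedkeyid.key"
    unset DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE
    echo "separate steps: $(passphrase_seen_by_next_step)"
    echo "same step:      $(passphrase_seen_in_same_step)"
    echo "preflight, no passphrase:   $(trust_preflight constructedkeyid "$dir")"
    DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE=constructed
    export DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE
    echo "preflight, with passphrase: $(trust_preflight constructedkeyid "$dir")"
    rm -rf "$dir"
)
demo
```

In a Jenkinsfile the same rule means the passphrase has to be present in the `sh` step that runs `docker trust sign`, for example through the `environment` block or a `withCredentials` binding wrapped around that step, which also keeps the literal passphrase out of the pipeline source.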

Related

Jenkins pipeline can't pull docker image

I am currently facing a situation whereby I can't pull a docker image during my Jenkins pipeline. Jenkins is running in a container as advised in the Jenkins Documentation
Whenever I run my pipeline, I come across the following error:
Started by user piii
Replayed #32
[Pipeline] Start of Pipeline
[Pipeline] node
Running on Jenkins in /var/jenkins_home/workspace/lms-portal
[Pipeline] {
[Pipeline] stage
[Pipeline] { (Declarative: Checkout SCM)
[Pipeline] checkout
Selected Git installation does not exist. Using Default
The recommended git tool is: NONE
using credential 9d587d39-cf26-4eba-b08e-d9732a70a5b9
> git rev-parse --resolve-git-dir /var/jenkins_home/workspace/lms-portal/.git # timeout=10
Fetching changes from the remote Git repository
> git config remote.origin.url https://github.com/Piii-thagorus/lms_portal.git # timeout=10
Fetching upstream changes from https://github.com/Piii-thagorus/lms_portal.git
> git --version # timeout=10
> git --version # 'git version 2.30.2'
using GIT_SSH to set credentials jenksins_ssh
[INFO] SELinux is present on the host and we could not confirm that it does not apply actively: will try to relabel temporary files now; this may complain if context labeling not applicable after all
> /usr/bin/chcon --type=ssh_home_t /var/jenkins_home/workspace/lms-portal@tmp/jenkins-gitclient-ssh9208860798294607535.key
Verifying host key using known hosts file
You're using 'Known hosts file' strategy to verify ssh host keys, but your known_hosts file does not exist, please go to 'Manage Jenkins' -> 'Configure Global Security' -> 'Git Host Key Verification Configuration' and configure host key verification.
> git fetch --tags --force --progress -- https://github.com/Piii-thagorus/lms_portal.git +refs/heads/*:refs/remotes/origin/* # timeout=10
> git rev-parse refs/remotes/origin/testing^{commit} # timeout=10
Checking out Revision 3e0e59d57c873b5869628455c28fc82d66f1570f (refs/remotes/origin/testing)
> git config core.sparsecheckout # timeout=10
> git checkout -f 3e0e59d57c873b5869628455c28fc82d66f1570f # timeout=10
Commit message: "Removed docker as agent"
> git rev-list --no-walk 3e0e59d57c873b5869628455c28fc82d66f1570f # timeout=10
[Pipeline] }
[Pipeline] // stage
[Pipeline] withEnv
[Pipeline] {
[Pipeline] isUnix
[Pipeline] withEnv
[Pipeline] {
[Pipeline] sh
+ docker inspect -f . node:latest
error during connect: Get "https://docker:2376/v1.24/containers/node:latest/json": dial tcp: lookup docker: no such host
[Pipeline] isUnix
[Pipeline] withEnv
[Pipeline] {
[Pipeline] sh
+ docker pull node:latest
error during connect: Post "https://docker:2376/v1.24/images/create?fromImage=node&tag=latest": dial tcp: lookup docker: no such host
[Pipeline] }
[Pipeline] // withEnv
[Pipeline] }
[Pipeline] // withEnv
[Pipeline] }
[Pipeline] // withEnv
[Pipeline] }
[Pipeline] // node
[Pipeline] End of Pipeline
ERROR: script returned exit code 1
Finished: FAILURE
Below is my pipeline, There
pipeline {
    agent {
        docker { image 'node:latest' }
    }
    stages {
        stage('Prepare'){
            steps{
                sh 'echo "starting"'
            }
        }
    }
}
What can be the cause of this? Any solution is appreciated.
Thank you
From what I understood you are running Jenkins as a container, and you want to run a build in which you require to pull a docker container.
If I am correct, let me make it clear.
You are running Jenkins as a docker container which means you do not have a local installation of Jenkins where you are running docker. Nor does Jenkins container run docker so you are trying to pull a docker container from where you do not have docker.
There is a work around for the same. You can install docker plugin and configure it.
Find the plugin documentation here
Also, you can try doing this.
There is a section in second hyperlink which shows how to configure docker agent before you use it.
Hope this helps,
Have a great day.

Jenkins K8s plugin WebSocket Timeout in container step

I have created a K3d cluster. I've deployed a Jenkins 2.319.1 controller inside, along with Kubernetes plugin 1.31.1 (and git, pipeline and the like).
The idea is to run both the controller and the agents in the same cluster. To do so I've configured a cloud like in this picture:
[Cloud Configuration ][1]
[1]: https://i.stack.imgur.com/u91Fr.png
(I've done several attempts with different combinations for the agents to connect to the controller. Finally I've stayed with JNLP - NO WEBSOCKET - although, anyway, the timeout I'm about to describe is common to both of them)
With the cloud configured and being able to spawn the agents, after many attempts I finally discovered that the job was hanging (and dying of timeout) in the execution inside a container step. Actions within the default "jnlp" container are ok but the moment you do something as trivial as: sh 'ls -l' inside another container the job dies after 30 seconds with the following log:
> .
.
.
.
readOnly: false
nodeSelector:
kubernetes.io/os: "linux"
restartPolicy: "Never"
volumes:
- emptyDir:
medium: ""
name: "workspace-volume"
Running on prueba-6-tj9w5-r0qt9-kcst4 in /home/jenkins/agent/workspace/Prueba
[Pipeline] {
[Pipeline] stage
[Pipeline] { (Get a Maven project)
[Pipeline] sh
+ git config --global http.proxy http://10.11x.xx.xx:8080
[Pipeline] sh
+ git config --global https.proxy http://10.11x.xx.xx:8080
[Pipeline] git
The recommended git tool is: NONE
No credentials specified
Cloning the remote Git repository
Cloning repository https://github.com/jenkinsci/kubernetes-plugin.git
> git init /home/jenkins/agent/workspace/Prueba # timeout=10
Fetching upstream changes from https://github.com/jenkinsci/kubernetes-plugin.git
> git --version # timeout=10
> git --version # 'git version 2.30.2'
> git fetch --tags --force --progress -- https://github.com/jenkinsci/kubernetes-plugin.git +refs/heads/*:refs/remotes/origin/* # timeout=10
Avoid second fetch
Checking out Revision a61114b275425489761f095e8a89b19cf2ab5c8e (refs/remotes/origin/master)
> git config remote.origin.url https://github.com/jenkinsci/kubernetes-plugin.git # timeout=10
> git config --add remote.origin.fetch +refs/heads/*:refs/remotes/origin/* # timeout=10
> git rev-parse refs/remotes/origin/master^{commit} # timeout=10
> git config core.sparsecheckout # timeout=10
> git checkout -f a61114b275425489761f095e8a89b19cf2ab5c8e # timeout=10
> git branch -a -v --no-abbrev # timeout=10
> git checkout -b master a61114b275425489761f095e8a89b19cf2ab5c8e # timeout=10
Commit message: "[maven-release-plugin] prepare for next development iteration"
First time build. Skipping changelog.
[Pipeline] container
[Pipeline] {
[Pipeline] stage
[Pipeline] { (Build a Maven project)
[Pipeline] sh
[Pipeline] }
[Pipeline] // stage
[Pipeline] }
[Pipeline] // container
[Pipeline] }
[Pipeline] // stage
[Pipeline] }
[Pipeline] // node
[Pipeline] }
[Pipeline] // podTemplate
[Pipeline] End of Pipeline
java.io.IOException: Timed out waiting for websocket connection. You should increase the value of system property org.csanchez.jenkins.plugins.kubernetes.pipeline.ContainerExecDecorator.websocketConnectionTimeout currently set at 60 seconds
at org.csanchez.jenkins.plugins.kubernetes.pipeline.ContainerExecDecorator$1.doLaunch(ContainerExecDecorator.java:457)
at org.csanchez.jenkins.plugins.kubernetes.pipeline.ContainerExecDecorator$1.launch(ContainerExecDecorator.java:344)
at hudson.Launcher$ProcStarter.start(Launcher.java:507)
.
.
.
I don't know the websocket message as in the cloud configuration this is clearly unchecked. As I mention if I check websocket (along with clearing tunnel) I get the same result.
I don't know if this has anything to do with jenkins running inside a dockerized cluster. I have installed the same cluster (k3d v4.4.7) both in wsl2 in windows and also in rhel 7.9.
Sample pipeline used (this last one borrowed from ):
podTemplate(containers: [
    containerTemplate(name: 'maven', image: 'maven:3.3.9-jdk-8-alpine', ttyEnabled: true, command: 'cat'),
    containerTemplate(name: 'golang', image: 'golang:1.8.0', ttyEnabled: true, command: 'cat')
]) {
    node(POD_LABEL) {
        env.http_proxy='http_proxy=http://10.11x.xx.xx:8080'
        env.https_proxy='http_proxy=http://10.11x.xx.xx:8080'
        stage('Get a Maven project') {
            sh 'git config --global http.proxy http://10.11x.xx.xx:8080'
            sh 'git config --global https.proxy http://10.11x.xx.xx:8080'
            git 'https://github.com/jenkinsci/kubernetes-plugin.git'
            container('maven') {
                stage('Build a Maven project') {
                    sh 'mvn -B clean install'
                }
            }
        }
        stage('Get a Golang project') {
            git url: 'https://github.com/hashicorp/terraform.git'
            container('golang') {
                stage('Build a Go project') {
                    sh """
                    mkdir -p /go/src/github.com/hashicorp
                    ln -s `pwd` /go/src/github.com/hashicorp/terraform
                    cd /go/src/github.com/hashicorp/terraform && make core-dev
                    """
                }
            }
        }
    }
}
Regards
As mentioned in previous comment referring to post (Jenkins with Kubernetes Client Plugin - NoSuchMethodError) upgrading kubernetes plugin to v1.31.2 solved the problem. Already patched and tested.
KR

Local Jenkins install has no Docker rights

I installed Docker (19.03.3) and Jenkins (2.190.2 LTS from https://jenkins.io/download/) on my Ubuntu 19.04 machine. Then I created a pipeline that loads a Jenkinsfile from an example Git repository I created. Everything works well until Jenkins instructs Docker to pull an image. The response is that the system does not have permission to do so. I already added my system user to the docker group (sudo usermod -aG docker $USER) and successfully tested docker pull node:6-alpine in my terminal. But Jenkins still fails.
Anyone an idea what the problem is? I guess this is not very complicated and rather a typical configuration error.
Jenkins Pipeline Console Output:
Started by user John Doe
Obtained Jenkinsfile from git http://repo.myserver.com/john/example-app.git
Running in Durability level: MAX_SURVIVABILITY
[Pipeline] Start of Pipeline
[Pipeline] node
Running on Jenkins in /var/lib/jenkins/workspace/example-app-builder
[Pipeline] {
[Pipeline] stage
[Pipeline] { (Declarative: Checkout SCM)
[Pipeline] checkout
using credential jenkins
> git rev-parse --is-inside-work-tree # timeout=10
Fetching changes from the remote Git repository
> git config remote.origin.url http://repo.myserver.com/john/example-app.git # timeout=10
Fetching upstream changes from http://repo.myserver.com/john/example-app.git
> git --version # timeout=10
using GIT_ASKPASS to set credentials Credentials for repo.myserver.com.
> git fetch --tags --force --progress -- http://repo.myserver.com/john/example-app.git +refs/heads/*:refs/remotes/origin/* # timeout=10
> git rev-parse refs/remotes/origin/master^{commit} # timeout=10
> git rev-parse refs/remotes/origin/origin/master^{commit} # timeout=10
Checking out Revision f578983d6e153b3063e184c8df194dcff6ee39ab (refs/remotes/origin/master)
> git config core.sparsecheckout # timeout=10
> git checkout -f f578983d6e153b3063e184c8df194dcff6ee39ab # timeout=10
Commit message: "Add initial Jenkinsfile."
> git rev-list --no-walk f578983d6e153b3063e184c8df194dcff6ee39ab # timeout=10
[Pipeline] }
[Pipeline] // stage
[Pipeline] withEnv
[Pipeline] {
[Pipeline] isUnix
[Pipeline] sh
+ docker inspect -f . node:6-alpine
Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Get http://%2Fvar%2Frun%2Fdocker.sock/v1.40/containers/node:6-alpine/json: dial unix /var/run/docker.sock: connect: permission denied
[Pipeline] isUnix
[Pipeline] sh
+ docker pull node:6-alpine
Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Post http://%2Fvar%2Frun%2Fdocker.sock/v1.40/images/create?fromImage=node&tag=6-alpine: dial unix /var/run/docker.sock: connect: permission denied
[Pipeline] }
[Pipeline] // withEnv
[Pipeline] }
[Pipeline] // node
[Pipeline] End of Pipeline
ERROR: script returned exit code 1
Finished: FAILURE
Your Jenkins does not run with the dockers user. It runs with user jenkins. The command should therefore be the following in order to allow user jenkins to create Docker containers:
sudo usermod -aG docker jenkins

Jenkins Pipeline "yarn install" command not found

This is my first Jenkins script. It currently works well on Linux, but after I migrated to macOS (High Sierra) I get a shell script error.
Node and yarn packages are installed on local Jenkins user. I can't figure out why this error just happens, could anyone give me a hand on this?
Here is my Jenkins file:
node {
    stage('Check out') {
        checkout scm
    }
    stage('Prepare') {
        sh "yarn install"
    }
    stage('Test') {
        sh "yarn test"
    }
    stage('Sonar') {
        if (env.BRANCH_NAME == 'dev') {
            def scannerHome = tool 'sonar scanner';
            withSonarQubeEnv('sonar') {
                sh "${scannerHome}/bin/sonar-scanner"
            }
        }
    }
}
And full log:
14:43:11 Connecting to https://api.github.com using hariklee/******
Obtained Jenkinsfile from 6c639bd70ac86cbe6a49ac0b58bcc10e3c64a375
Running in Durability level: MAX_SURVIVABILITY
[Pipeline] node
Running on Jenkins in
/Users/Shared/Jenkins/Home/workspace/wingman_423_ci_cd-7PSSGRAMBTXUQRESYCNVODXU7IZJLJLPHQOE3KYEPCSAAYAFFD4A
[Pipeline] {
[Pipeline] stage
[Pipeline] { (Check out)
[Pipeline] checkout
git rev-parse --is-inside-work-tree # timeout=10
Fetching changes from the remote Git repository
git config remote.origin.url https://github.com/wingman-xyz/app.git # timeout=10
Fetching without tags
Fetching upstream changes from https://github.com/wingman-xyz/app.git
git --version # timeout=10
using GIT_ASKPASS to set credentials
git fetch --no-tags --progress https://github.com/wingman-xyz/app.git +refs/heads/423_ci_cd:refs/remotes/origin/423_ci_cd
Checking out Revision 6c639bd70ac86cbe6a49ac0b58bcc10e3c64a375 (423_ci_cd)
git config core.sparsecheckout # timeout=10
git checkout -f 6c639bd70ac86cbe6a49ac0b58bcc10e3c64a375
Commit message: "jenkins test"
First time build. Skipping changelog.
[Pipeline] }
[Pipeline] // stage
[Pipeline] stage
[Pipeline] { (Prepare)
[Pipeline] sh
[wingman_423_ci_cd-7PSSGRAMBTXUQRESYCNVODXU7IZJLJLPHQOE3KYEPCSAAYAFFD4A] Running shell script
yarn install
/Users/Shared/Jenkins/Home/workspace/wingman_423_ci_cd-7PSSGRAMBTXUQRESYCNVODXU7IZJLJLPHQOE3KYEPCSAAYAFFD4A@tmp/durable-cf573520/script.sh: line 2: yarn: command not found
[Pipeline] }
[Pipeline] // stage
[Pipeline] }
[Pipeline] // node
[Pipeline] End of Pipeline
GitHub has been notified of this commit’s build result
ERROR: script returned exit code 127
Finished: FAILURE
There is no yarn command in your PATH variable.
Do npm install -g yarn before
stage('Prepare') {
    sh "npm install -g yarn"
    sh "yarn install"
}
If you get an error about not found npm command then you will have to add npm explicitly to your PATH using withEnv() {}
withEnv(['PATH+NODE=/something=/path/to/node/bin']) {
    stage('Prepare') {
        sh "npm install -g yarn"
        sh "yarn install"
    }
}

Jenkins ansible plugin can't find executable

I'm running a Jenkins on Amazon EC2--the master in a Docker container and an agent on a separate box. My playbook executes an Ansible script, using the Jenkins Ansible plugin.
I had to install a new version of Ansible on the agent. I installed Ansible from git using the Running from Source instructions, and installed to /home/ec2-user/ansible. If I ssh to the agent and run which ansible I get ~/ansible/bin/ansible as expected. I entered /home/ec2-user/ansible/bin in the 'Ansible executables directory' for my new install, at the Manage Jenkins > Global Tool Configuration page.
When I run my Jenkins pipeline, however, I get this:
Running on docker-agent-1 in /home/ec2-user/jenkins/workspace/planet-healthcare-pipeline
[Pipeline] {
[Pipeline] pwd
[Pipeline] stage
[Pipeline] { (Download source and capture commit ID)
[Pipeline] sh
[planet-healthcare-pipeline] Running shell script
+ which ansible
which: no ansible in (/usr/local/bin:/bin:/usr/bin)
It says it's running on docker-agent-1 (which is the name of my agent), and I can see Ansible if I ssh there. Why can't Jenkins find the ansible executable?
UPDATE: After adding PATH as an environment variable, it can find Ansible, but now something else breaks. Here's the new output:
Running on docker-agent-1 in /home/ec2-user/jenkins/workspace/planet-healthcare-pipeline
[Pipeline] {
[Pipeline] pwd
[Pipeline] stage
[Pipeline] { (Download source and capture commit ID)
[Pipeline] sh
[planet-healthcare-pipeline] Running shell script
+ which ansible
/home/ec2-user/ansible/bin/ansible
[Pipeline] sh
[planet-healthcare-pipeline] Running shell script
+ ansible --version
ansible 2.2.0 (devel 1975a545bd) last updated 2016/09/20 16:19:06 (GMT +000)
lib/ansible/modules/core: (detached HEAD 70d4ff8e38) last updated 2016/09/20 16:19:08 (GMT +000)
lib/ansible/modules/extras: (detached HEAD db7a3f48e1) last updated 2016/09/20 16:19:09 (GMT +000)
config file = /home/ec2-user/jenkins/workspace/planet-healthcare-pipeline/ansible.cfg
configured module search path = Default w/o overrides
[Pipeline] git
> git rev-parse --is-inside-work-tree # timeout=10
Fetching changes from the remote Git repository
> git config remote.origin.url git@bitbucket.org:planetgroup/planethealthcareportal.git # timeout=10
Fetching upstream changes from git@bitbucket.org:planetgroup/planethealthcareportal.git
> git --version # timeout=10
using GIT_SSH to set credentials Deployment key for Planet Healthcare Portal
> git fetch --tags --progress git@bitbucket.org:planetgroup/planethealthcareportal.git +refs/heads/*:refs/remotes/origin/*
> git rev-parse refs/remotes/origin/develop^{commit} # timeout=10
> git rev-parse refs/remotes/origin/origin/develop^{commit} # timeout=10
Checking out Revision e69608a15c9d433e2a22824c7e607048332a4160 (refs/remotes/origin/develop)
> git config core.sparsecheckout # timeout=10
> git checkout -f e69608a15c9d433e2a22824c7e607048332a4160
> git branch -a -v --no-abbrev # timeout=10
> git branch -D develop # timeout=10
> git checkout -b develop e69608a15c9d433e2a22824c7e607048332a4160
> git rev-list e69608a15c9d433e2a22824c7e607048332a4160 # timeout=10
[Pipeline] sh
[planet-healthcare-pipeline] Running shell script
+ git rev-parse --verify HEAD
[Pipeline] readFile
[Pipeline] echo
Current commit ID: e69608a
[Pipeline] }
[Pipeline] // stage
[Pipeline] stage
[Pipeline] { (Copy application.yml to environment)
[Pipeline] withCredentials
[Pipeline] {
[Pipeline] sh
[planet-healthcare-pipeline] Running shell script
+ sudo cp **** config/application.yml
[Pipeline] }
[Pipeline] // withCredentials
[Pipeline] }
[Pipeline] // stage
[Pipeline] stage
[Pipeline] { (Build image)
[Pipeline] sh
[planet-healthcare-pipeline] Running shell script
+ docker build -t planethealthcare/portal_app .
Sending build context to Docker daemon 557.1 kB
Sending build context to Docker daemon 1.114 MB
Sending build context to Docker daemon 1.671 MB
Sending build context to Docker daemon 2.228 MB
Sending build context to Docker daemon 2.785 MB
Sending build context to Docker daemon 3.342 MB
Sending build context to Docker daemon 3.398 MB
Step 1 : FROM ruby:2.3
---> 7b66156f376c
Step 2 : MAINTAINER David Ham <dham@uxfactory.com>
---> Using cache
---> 47f6f577f049
Step 3 : RUN apt-get update && apt-get install -y build-essential curl gstreamer1.0-plugins-base gstreamer1.0-tools gstreamer1.0-x libqt5webkit5-dev qt5-default xvfb && apt-get clean && rm -rf /var/lib/apt/lists/* && mkdir -p /app
---> Using cache
---> 38c1313e574d
Step 4 : WORKDIR /app
---> Using cache
---> 75a023d99fce
Step 5 : COPY Gemfile Gemfile.lock ./
---> Using cache
---> c39c81496a6b
Step 6 : ENV QMAKE /usr/bin/qmake
---> Using cache
---> 3226bf5f4e63
Step 7 : RUN bundle install --retry 20
---> Using cache
---> 91cb9908d53a
Step 8 : COPY . ./
---> 7330a8f5ba7c
Removing intermediate container bd55b7deddaf
Step 9 : EXPOSE 3000
---> Running in 76e6418e2b3f
---> 81427ffb31f5
Removing intermediate container 76e6418e2b3f
Step 10 : CMD bundle exec rails server
---> Running in c2a90c3c59f6
---> 15ab02b3ab8d
Removing intermediate container c2a90c3c59f6
Successfully built 15ab02b3ab8d
[Pipeline] dockerFingerprintFrom
[Pipeline] }
[Pipeline] // stage
[Pipeline] stage
[Pipeline] { (Run test suite)
[Pipeline] sh
[planet-healthcare-pipeline] Running shell script
+ docker run -d -p 5432:5432 -e POSTGRES_PASSWORD=postgres -e POSTGRES_DB=phc_portal_test postgres:9.5
[Pipeline] dockerFingerprintRun
[Pipeline] sh
[planet-healthcare-pipeline] Running shell script
+ docker inspect -f . planethealthcare/portal_app
.
[Pipeline] withDockerContainer
$ docker run -t -d -u 500:500 --link 85511ce90ce11c24818ae63bbbf7ab47745be7d96807d450b4adebd4c3196c5e:postgres -p 3000:3000 -e RAILS_ENV=test -w /home/ec2-user/jenkins/workspace/planet-healthcare-pipeline -v /home/ec2-user/jenkins/workspace/planet-healthcare-pipeline:/home/ec2-user/jenkins/workspace/planet-healthcare-pipeline:rw -v /home/ec2-user/jenkins/workspace/planet-healthcare-pipeline@tmp:/home/ec2-user/jenkins/workspace/planet-healthcare-pipeline@tmp:rw -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** --entrypoint cat planethealthcare/portal_app
[Pipeline] {
[Pipeline] echo
running tests...
[Pipeline] sh
[planet-healthcare-pipeline] Running shell script
+ rails db:migrate
/home/ec2-user/jenkins/workspace/planet-healthcare-pipeline@tmp/durable-32785ba4/script.sh: 2: /home/ec2-user/jenkins/workspace/planet-healthcare-pipeline@tmp/durable-32785ba4/script.sh: rails: not found
[Pipeline] }
$ docker stop 3acf37726ce1061d2e0f6e8d0cec882c707b42e710916636b17aaece4f516f2d
$ docker rm -f 3acf37726ce1061d2e0f6e8d0cec882c707b42e710916636b17aaece4f516f2d
[Pipeline] // withDockerContainer
[Pipeline] sh
[planet-healthcare-pipeline] Running shell script
+ docker stop 85511ce90ce11c24818ae63bbbf7ab47745be7d96807d450b4adebd4c3196c5e
85511ce90ce11c24818ae63bbbf7ab47745be7d96807d450b4adebd4c3196c5e
+ docker rm -f 85511ce90ce11c24818ae63bbbf7ab47745be7d96807d450b4adebd4c3196c5e
85511ce90ce11c24818ae63bbbf7ab47745be7d96807d450b4adebd4c3196c5e
[Pipeline] }
[Pipeline] // stage
[Pipeline] mail
[Pipeline] }
[Pipeline] // node
[Pipeline] End of Pipeline
ERROR: script returned exit code 127
Finished: FAILURE
And here's the pipeline:
node('docker') {
    currentBuild.result = "SUCCESS"
    try{
        def git_commit = ""
        def workspace = pwd()
        def APPLICATION_YML
        def image
        stage("Download source and capture commit ID") {
            sh "which ansible"
            sh "ansible --version"
            // Download source
            git branch: 'develop', credentialsId: 'b96345a1-543c-4ccd-9a86-deca7203625c', url: 'git@bitbucket.org:planetgroup/planethealthcareportal.git'
            // Get the commit ID
            sh 'git rev-parse --verify HEAD > GIT_COMMIT'
            git_commit = readFile('GIT_COMMIT').take(7)
            echo "Current commit ID: ${git_commit}"
        }
        stage("Copy application.yml to environment"){
            // write the application.yml to a file
            withCredentials([[$class: 'FileBinding', credentialsId: '67dbd2e7-008f-4463-89a6-9645060e8ec8', variable: 'APPLICATION_YML']]) {
                sh "sudo cp ${env.APPLICATION_YML} config/application.yml"
            }
        }
        stage("Build image"){
            image = docker.build "planethealthcare/portal_app"
        }
        stage("Run test suite"){
            // start postgres
            def postgres95 = docker.image('postgres:9.5')
            postgres95.withRun("-p 5432:5432 -e POSTGRES_PASSWORD=postgres -e POSTGRES_DB=phc_portal_test"){ postgres ->
                image.inside("--link ${postgres.id}:postgres -p 3000:3000 -e RAILS_ENV=test") {
                    echo "running tests..."
                    sh "rails db:migrate"
                    sh "rspec --tag ~pending"
                    sh "cucumber"
                }
            }
        }
        stage("Push to ECR registry"){
            docker.withRegistry('https://0000000000.dkr.ecr.us-east-1.amazonaws.com', 'ecr:dham'){
                image.push "${git_commit}"
                image.push 'latest'
            }
        }
        stage("Deploy app"){
            // run the playbook
            ansiblePlaybook([
                colorized: true,
                credentialsId: 'planet-healthcare',
                installation: 'ansible-2-2-0',
                inventory: 'staging',
                playbook: 'deploy.yml',
                extras: "--extra-vars 'app_build_id=${git_commit}'"
            ])
        }
    }
    catch(err) {
        currentBuild.result = "FAILURE"
        mail body: "project build error: ${err}\n\n\n ${currentBuild.description}" ,
            subject: 'project build failed',
            to: 'me@example.com'
        throw err
    }
}
It's failing in the "Run test suite" stage--it can't find rails to run rails db:migrate, even though I know it's in the container.
Why would setting PATH on the agent affect a script that happens inside a Docker container?
Do you execute which ansible in your script? It searches only defined PATHs.
And it seems /home/ec2-user/ansible/bin is not in /usr/local/bin:/bin:/usr/bin (from your output).
You may go to agent-node's settings in Jenkins and add PATH environment variable with $PATH:/home/ec2-user/ansible/bin value.
