Jenkins user has root as home directory - jenkins

I'm running jenkins in a virtual machine on google cloud platform. The VM came from bitnami.
My problem is that if I run a job which executes a bash script and from that script I try to access ~ it returns /
The user my jobs are run as is tomcat. Tomcats home directory is /home/tomcat as you would expect. If I login as tomcat and cd to ~ it will take me to the correct place /home/tomcat.
Why is the home directory of tomcat different when running a job from jenkins than it is if I just login normally?

Have you tried executing
whoami
in a job?
Perhaps Jenkins is run by a different functional user than tomcat.
Have you checked the root dir for anything suspicious that would indicate that it is somehow used? Finally, how do you exactly check the home dir in a job?

Related

Kubernetes fails inside jenkins pipeline

I'm trying to run kubectl commands inside jenkins pipeline but they are failing. Outside in powershell window they work fine but in the pipeline, they show this when doing:
kubectl cluster-info --v=99
I've tried adding --token $TOKEN (jwt generated) following some other thread's recommendation but didn't work. Anyone know why this is happening and any way to bypass it? All these commands work fine when ran outside the jenkins pipeline.
The problem was jenkins actually uses a different home directory and so even if your kubectl work in command line, it won't run if jenkins runs it from the pipeline as it doesn't have access to the credentials from the user directory.
So find your .kube config folder, usually in C:/users/ and then copy and paste that folder in the $JENKINS_HOME directory. The jenkins home directory can vary depending on how you installed it (for windows installers, it gets put in an obscure location inside System32). Once done, then jenkins will have access to the same certificates you use natively to run kubectl commands and it will have full access.

Run ansible using Jenkins

I created a job in jenkins and I want to build the project using ansible. I want to run my command on several host (that's why I use ansible). When I try to run the project it fails with some permission error:
/home/ubuntu/install.sh -s -U ubuntu -f 5
FATAL: command execution failed
java.io.IOException: Cannot run program "/usr/bin/ansible" (in directory "/var/lib/jenkins/jobs/Standard Demo/workspace"): error=13, Permission denied
at java.lang.ProcessBuilder.start(ProcessBuilder.java:1047)
at hudson.Proc$LocalProc.<init>(Proc.java:244)
at hudson.Proc$LocalProc.<init>(Proc.java:216)
Do you know what the problem is? I am logged into the jenkins server as admin user.
This is not an Ansible problem, it is a configuration issue in Jenkins. As others have noted, by default Jenkins will run as a "normal user" (typically jenkins). That is the user that jobs and steps (including shell scripts like the one you're calling) will run as. In your case, this user does not have sufficient permissions to run Ansible.
I don't recommend changing this default user because a. there are good security reasons for this setup, and b. it can actually be complex to do right, because you would have to address permissions issues for all of Jenkins to match the new user. However, it's quite easy to do things like run sudo from within a Script build step. Just use that tool (and a properly configured /etc/sudoers) to gain the permissions you need during the build.

Jenkins Jobs are not loading while starting it from CLI

I have setup a lot of jobs while Jenkins is running as windows service.When i try to start Jenkins from command line , none of the jobs are showing up.
Can some one let me know how to make sure all jobs are loaded when i start Jenkins from CLI on windows machine.
Make sure you have the same Jenkins home directory when you run it from CLI.
You can use JENKINS_HOME variable to control that:
set JENKINS_HOME=C:/myJenkins
java -jar jenkins.war

how to run a job on the master as a different user?

I have jenkins installed on a linux machine within tomcat behind Apache.
As a consequence jenkins runs as tomcat. The user tomcat is not configured properly to run the job.
How do I tell Jenkins to run a job as a different user on the same machine ?
Does it make sense to define a slave on the same machine but with a different user ?
You can use su or sudo to run as a different user inside a build step, but that comes with some security implications. If this is something you want to do regularly I would recommend that you define a slave on the same machine with the other user, as you have suggested. I am not aware of any plugins/extensions that would make this easier for you unfortunately.
I sometimes would ssh into the account and instead of running build.sh run ssh user#localhost build.sh

Setup Jenkins to monitor external job

I read the part of the Jenkins wiki that covers setting up a remote job to be monitored by a Jenkins instance. However, the documentation is confusing as it doesn't tell me what to configure on the Jenkins machine or the remote machine (the one that does the job).
Further, the documentation mentions Java commands that can be fired directly and others that need a servlet container. Do I have to install a servlet container on the remote machine?
Maybe it's all there but for me it's like a mix of two documentations. Can you please clarify:
What do I need to do on the remote machine?
What do I need to do on the Jenkins machine?
Thank you.
In Jenkins, you need to create a job using the "Monitor an external job" option. Give this a name, for example "nightly-backup".
On the machine where the external job is running, you need Java installed and some basic Jenkins JAR files, so that the job results can be sent to Jenkins.
As the wiki page says, on some versions of Debian or Ubuntu you can do this with:
sudo apt-get install jenkins-external-tool-monitor
Otherwise, you have to copy a bunch of JARs manually — i.e. those listed on the wiki page — to your remote machine.
Once you have the JARs available on your remote machine, you can execute whichever command you like there, so long as you prefix it with some Jenkins information: where to find the Jenkins installation, the main Java JAR, and the job name:
JENKINS_HOME=http://my-jenkins/ java -jar jenkins-core-*.jar nightly-backup ./backup.sh --nightly /home
Where http://my-jenkins/ is the base URL to Jenkins, nightly-backup matches the name of the "Monitor an external job" you created in Jenkins, and ./backup.sh --nightly /home is the command you wish to run.
The output of this ./backup.sh command will show up in Jenkins automatically once it's complete.
It looks like this is now called "jenkins-external-job-monitor", so you'd type:
sudo apt-get install jenkins-external-job-monitor

Resources