【问题标题】:OKD 3.9 jenkins slave Permission deniedOKD 3.9 jenkins slave 权限被拒绝
【发布时间】:2019-04-02 10:23:45
【问题描述】:

当我在 openshift/OKD 中运行容器中的构建时遇到了奇怪的问题:

Running in Durability level: MAX_SURVIVABILITY
[Pipeline] node
Still waiting to schedule task
‘Jenkins’ doesn’t have label ‘slave’
Agent slave-8n2r5 is provisioned from template Kubernetes Pod Template
Agent specification [Kubernetes Pod Template] (slave): 
* [jnlp] docker-registry.default.svc:5000/openshift/jenkins-slave-base-    centos7:v3.9

Running on slave-8n2r5 in /tmp/workspace/test_job
[Pipeline] {
[Pipeline] stage (hello)
Using the ‘stage’ step without a block argument is deprecated
Entering stage hello
Proceeding
[Pipeline] echo
dupa
[Pipeline] sh
[test_job] Running shell script
sh: /tmp/workspace/test_job@tmp/durable-bda908b8/script.sh: Permission     denied
[Pipeline] }
[Pipeline] // node
[Pipeline] End of Pipeline
ERROR: script returned exit code 126
Finished: FAILURE

管道:

node('slave') {
    stage 'hello'
        println('dupa')
        sh 'git clone http://pac-app-test-01.raiffeisen.pl:8081/a/cm-devops-okd-example-python'
}

从容器配置:

        <org.csanchez.jenkins.plugins.kubernetes.PodTemplate>
      <inheritFrom></inheritFrom>
      <name>slave</name>
      <namespace></namespace>
      <privileged>false</privileged>
      <capOnlyOnAlivePods>false</capOnlyOnAlivePods>
      <alwaysPullImage>false</alwaysPullImage>
      <instanceCap>2147483647</instanceCap>
      <slaveConnectTimeout>100</slaveConnectTimeout>
      <idleMinutes>0</idleMinutes>
      <activeDeadlineSeconds>0</activeDeadlineSeconds>
      <label>slave</label>
      <serviceAccount>jenkins</serviceAccount>
      <nodeSelector></nodeSelector>
      <nodeUsageMode>NORMAL</nodeUsageMode>
      <customWorkspaceVolumeEnabled>false</customWorkspaceVolumeEnabled>
      <workspaceVolume class="org.csanchez.jenkins.plugins.kubernetes.volumes.workspace.EmptyDirWorkspaceVolume">
        <memory>false</memory>
      </workspaceVolume>
      <volumes/>
      <containers>
        <org.csanchez.jenkins.plugins.kubernetes.ContainerTemplate>
          <name>jnlp</name>
          <image>docker-registry.default.svc:5000/openshift/jenkins-slave-base-centos7:v3.9</image>
          <privileged>false</privileged>
          <alwaysPullImage>true</alwaysPullImage>
          <workingDir>/tmp</workingDir>
          <command></command>
          <args>${computer.jnlpmac} ${computer.name}</args>
          <ttyEnabled>false</ttyEnabled>
          <resourceRequestCpu></resourceRequestCpu>
          <resourceRequestMemory></resourceRequestMemory>
          <resourceLimitCpu></resourceLimitCpu>
          <resourceLimitMemory></resourceLimitMemory>
          <envVars/>
          <ports/>
          <livenessProbe>
            <execArgs></execArgs>
            <timeoutSeconds>0</timeoutSeconds>
            <initialDelaySeconds>0</initialDelaySeconds>
            <failureThreshold>0</failureThreshold>
            <periodSeconds>0</periodSeconds>
            <successThreshold>0</successThreshold>
          </livenessProbe>
        </org.csanchez.jenkins.plugins.kubernetes.ContainerTemplate>

主 jenkins 容器和从属容器都在同一个名称空间中运行。 我可以登录到容器,权限没有问题。我认为这是一个愚蠢的错误,但我自己找不到。你能帮我解决这个问题吗?我很困惑?

【问题讨论】:

  • 你确定权限没有问题吗?可以创建OKD容器并在同一个环境下执行git clone ...吗?
  • 我发现路由问题 kubernetes 挂载workspace-volumenoexec。知道如何更改吗?

标签: docker jenkins kubernetes openshift okd


【解决方案1】:

作为我的 openshift 装载卷 emptyDir() 和选项 noexec 我在管道中找到了解决此问题的方法,我正在更改工作区:

  node('slave') {
    ws('/tmp/test/' + env.JOB_NAME){
     println('dupa')
     sh 'git clone http://xxxx:8081/a/cm-devops-okd-example-python'
  }

【讨论】:

    猜你喜欢
    • 1970-01-01
    • 2020-02-03
    • 2018-11-16
    • 1970-01-01
    • 1970-01-01
    • 1970-01-01
    • 2013-02-27
    • 2022-12-18
    • 2018-10-29
    相关资源
    最近更新 更多