【问题标题】:Overwriting config.xml for Jenkins at startup在启动时为 Jenkins 覆盖 config.xml
【发布时间】:2018-09-16 09:53:01
【问题描述】:

我正在 K8S 集群中设置 Jenkins 机器,并希望为我的 Kubernetes 集群预配置云属性。

出于这个原因,我想在启动时加载一个自定义的config.xml 文件。

我的 config.xml 当前位于名为 jenkins-config 的 configMap 中,并包含我编辑的整个 XML 文件。

现在使用我正在使用的 Jenkins 映像,它会加载 /var/jenkins_home/ 下的所有配置

这意味着config.xml 文件位于/var/jenkins_home 下。 /var/jenkins_home 当然是持久化的。

我将我的 configMap 介绍为 VolumeMount。

我的 deployment.yaml 文件是:

spec:
  replicas: 1
  template:
    metadata:
      labels:
        app: jenkins
        release: 1.1.1
    spec:
      containers:
        - name: jenkins
          image: jenkins-master:1.0
          env:
            - name: JAVA_OPTS
              value: -Djenkins.install.runSetupWizard=false
          ports:
            - name: http-port
              containerPort: 8080
            - name: jnlp-port
              containerPort: 54000
          volumeMounts:
            - name: jenkins-home
              mountPath: /var/jenkins_home
              readOnly: false
            - name: jenkins-config
              mountPath: /var/jenkins_home/config.xml
              subPath: config.xml
      volumes:
        - name: jenkins-home
          emptyDir: {}
        - name: jenkins-config
          configMap:
            name: jenkins-config

现在我可以访问我的 pod 并验证新配置是否确实存在,但我的 Jenkins 给出的错误如下:

WARNING: Unable to move atomically, falling back to non-atomic move.
java.nio.file.FileSystemException: /var/jenkins_home/atomic1870316694682040724tmp -> /var/jenkins_home/config.xml: Device or resource busy
    at sun.nio.fs.UnixException.translateToIOException(UnixException.java:91)
    at sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:102)
    at sun.nio.fs.UnixCopyFile.move(UnixCopyFile.java:396)
    at sun.nio.fs.UnixFileSystemProvider.move(UnixFileSystemProvider.java:262)
    at java.nio.file.Files.move(Files.java:1395)
    at hudson.util.AtomicFileWriter.commit(AtomicFileWriter.java:191)
    at hudson.XmlFile.write(XmlFile.java:198)
    at jenkins.model.Jenkins.save(Jenkins.java:3221)
    at jenkins.model.Jenkins.saveQuietly(Jenkins.java:3227)
    at jenkins.model.Jenkins.setSecurityRealm(Jenkins.java:2505)
    at jenkins.model.Jenkins$16.run(Jenkins.java:3188)
    at org.jvnet.hudson.reactor.TaskGraphBuilder$TaskImpl.run(TaskGraphBuilder.java:169)
    at org.jvnet.hudson.reactor.Reactor.runTask(Reactor.java:296)
    at jenkins.model.Jenkins$5.runTask(Jenkins.java:1066)
    at org.jvnet.hudson.reactor.Reactor$2.run(Reactor.java:214)
    at org.jvnet.hudson.reactor.Reactor$Node.run(Reactor.java:117)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
    at java.lang.Thread.run(Thread.java:748)

Sep 15, 2018 10:06:23 PM hudson.util.AtomicFileWriter commit
INFO: The target file /var/jenkins_home/config.xml was already existing
Sep 15, 2018 10:06:23 PM hudson.util.AtomicFileWriter commit
WARNING: Unable to move /var/jenkins_home/atomic1870316694682040724tmp to /var/jenkins_home/config.xml. Attempting to delete /var/jenkins_home/atomic1870316694682040724tmp and abandoning.
Sep 15, 2018 10:06:23 PM jenkins.model.Jenkins saveQuietly
WARNING: null
java.nio.file.FileSystemException: /var/jenkins_home/config.xml: Device or resource busy
    at sun.nio.fs.UnixException.translateToIOException(UnixException.java:91)
    at sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:102)
    at sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:107)
    at sun.nio.fs.UnixCopyFile.move(UnixCopyFile.java:447)
    at sun.nio.fs.UnixFileSystemProvider.move(UnixFileSystemProvider.java:262)
    at java.nio.file.Files.move(Files.java:1395)
    at hudson.util.AtomicFileWriter.commit(AtomicFileWriter.java:206)
    at hudson.XmlFile.write(XmlFile.java:198)
    at jenkins.model.Jenkins.save(Jenkins.java:3221)
    at jenkins.model.Jenkins.saveQuietly(Jenkins.java:3227)
    at jenkins.model.Jenkins.setSecurityRealm(Jenkins.java:2505)
    at jenkins.model.Jenkins$16.run(Jenkins.java:3188)
    at org.jvnet.hudson.reactor.TaskGraphBuilder$TaskImpl.run(TaskGraphBuilder.java:169)
    at org.jvnet.hudson.reactor.Reactor.runTask(Reactor.java:296)
    at jenkins.model.Jenkins$5.runTask(Jenkins.java:1066)
    at org.jvnet.hudson.reactor.Reactor$2.run(Reactor.java:214)
    at org.jvnet.hudson.reactor.Reactor$Node.run(Reactor.java:117)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
    at java.lang.Thread.run(Thread.java:748)
    Suppressed: java.nio.file.FileSystemException: /var/jenkins_home/atomic1870316694682040724tmp -> /var/jenkins_home/config.xml: Device or resource busy
        at sun.nio.fs.UnixException.translateToIOException(UnixException.java:91)
        at sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:102)
        at sun.nio.fs.UnixCopyFile.move(UnixCopyFile.java:396)
        at sun.nio.fs.UnixFileSystemProvider.move(UnixFileSystemProvider.java:262)
        at java.nio.file.Files.move(Files.java:1395)
        at hudson.util.AtomicFileWriter.commit(AtomicFileWriter.java:191)
        ... 13 more

看起来 Jenkins 加载了默认的 config.xml 文件,然后用我发送的文件覆盖了它,这让 Jenkins 吓坏了。

我可以制作我的 Docker 镜像的这一部分,但我想使用 K8S 覆盖而不是在镜像中制作文件。

关于如何在 Jenkins 启动时安全地引入 config.xml 文件有什么想法吗?

编辑

另一个尝试::

我什至尝试了以下配置:

volumeMounts:
        - name: jenkins-home
          mountPath: /var/jenkins_home
          readOnly: false
  volumes:
    - name: jenkins-home
      configMap:
        name: jenkins-config
        items:
        - key: config.xml
          path: config.xml

但这会产生:

kubectl logs -n jenkins-pipeline jenkins-bc879c4df-m8nlc
touch: cannot touch '/var/jenkins_home/copy_reference_file.log': Read-only file system
Can not write to /var/jenkins_home/copy_reference_file.log. Wrong volume permissions?

【问题讨论】:

  • coderanger.net/jenkins 的强制插件,它解释了一个更好的方法来做到这一点。与其尝试完全控制 config.xml(Jenkins 讨厌),不如使用 Groovy 脚本系统在每次启动时进行配置。

标签: jenkins kubernetes


【解决方案1】:

您基本上是将/var/jenkins_home/config.xml 安装在/var/jenkins_home 之上,而詹金斯无法写入它。试试这个:

spec:
  replicas: 1
  template:
    metadata:
      labels:
        app: jenkins
        release: 1.1.1
    spec:
      containers:
        - name: jenkins
          image: jenkins-master:1.0
          env:
            - name: JAVA_OPTS
              value: -Djenkins.install.runSetupWizard=false
          ports:
            - name: http-port
              containerPort: 8080
            - name: jnlp-port
              containerPort: 54000
          volumeMounts:
          - name: jenkins-home
            mountPath: /etc/config
      volumes:
        - name: jenkins-home
          hostPath:
            # directory location on host
            path: /data
            # this field is optional
            type: Directory
          configMap:
            name: jenkins-config
            items:
            - key: config
              path: config.xml

【讨论】:

  • 谢谢。但是这个实现会导致 touch: cannot touch '/var/jenkins_home/copy_reference_file.log': Read-only file system Can not write to /var/jenkins_home/copy_reference_file.log. Wrong volume permissions? 。我什至将 readOnly: false 添加到 VolumeMounts 但同样的错误。我也用这个更新了我的主要问题。
  • 尝试将卷配置为 hostPath,以便 Jenkins 可以对其进行写入。但请记住,您可能必须将您的 pod 限制到这个特定节点,否则如果 pod 在不同的节点上启动,您的配置将会改变。另一种方法是远程卷。更多关于音量here
猜你喜欢
  • 1970-01-01
  • 1970-01-01
  • 1970-01-01
  • 2018-12-25
  • 1970-01-01
  • 1970-01-01
  • 2012-04-25
  • 1970-01-01
  • 1970-01-01
相关资源
最近更新 更多