Error while deploying on OpenShift: AccessDeniedException: /.cache
sturivny opened this issue · 4 comments
Describe the bug
Getting an error while deploying Helm charts to OpenShift.
Error (Jenkins init pod):
Retrieving update center information
java.io.UncheckedIOException: java.nio.file.AccessDeniedException: /.cache
    at io.jenkins.tools.pluginmanager.impl.CacheManager.createCache(CacheManager.java:57)
    at io.jenkins.tools.pluginmanager.impl.PluginManager.getUCJson(PluginManager.java:801)
    at io.jenkins.tools.pluginmanager.impl.PluginManager.start(PluginManager.java:207)
    at io.jenkins.tools.pluginmanager.impl.PluginManager.start(PluginManager.java:171)
    at io.jenkins.tools.pluginmanager.cli.Main.main(Main.java:70)
Caused by: java.nio.file.AccessDeniedException: /.cache
    at java.base/sun.nio.fs.UnixException.translateToIOException(UnixException.java:90)
    at java.base/sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:111)
    at java.base/sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:116)
    at java.base/sun.nio.fs.UnixFileSystemProvider.createDirectory(UnixFileSystemProvider.java:389)
    at java.base/java.nio.file.Files.createDirectory(Files.java:690)
    at io.jenkins.tools.pluginmanager.impl.CacheManager.createCache(CacheManager.java:50)
    ... 4 more
java.nio.file.AccessDeniedException: /.cache
Version of Helm and Kubernetes:
Helm Version:
$ helm version
version.BuildInfo{Version:"v3.5.0+6.el8", GitCommit:"77fb4bd2415712e8bfebe943389c404893ad53ce", GitTreeState:"clean", GoVersion:"go1.14.12"}
OpenShift/Kubernetes Version:
$ kubectl version
Client Version: version.Info{Major:"1", Minor:"17", GitVersion:"v1.17.3", GitCommit:"06ad960bfd03b39c8310aaf92d1e7c12ce618213", GitTreeState:"clean", BuildDate:"2020-02-11T18:14:22Z", GoVersion:"go1.13.6", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"20", GitVersion:"v1.20.10+bbbc079", GitCommit:"c252961cae6d88fe6aae01264619dabf4552e8a5", GitTreeState:"clean", BuildDate:"2021-09-17T20:21:04Z", GoVersion:"go1.15.14", Compiler:"gc", Platform:"linux/amd64"}
Which version of the chart:
CHART: jenkins-3.8.8
APP VERSION: 2.303.3
What happened:
Got an error on OpenShift: AccessDeniedException: /.cache
What you expected to happen:
App has been deployed successfully without any errors
How to reproduce it (as minimally and precisely as possible):
Create a helm values file jenkins-helm.yaml:
controller:
  healthProbeLivenessInitialDelay: 180
  probes:
    startupProbe:
      failureThreshold: 120
  sidecars:
    configAutoReload:
      image: docker://docker.io/jenkins/jenkins:lts
  image: docker://docker.io/jenkins/jenkins:lts
  jenkinsUrl: ""
  usePodSecurityContext: false
  additionalPlugins:
    - 'jms-messaging'
    - 'oic-auth'
    - 'ircbot'
    - 'matrix-auth'
    - 'throttle-concurrents'
    - 'pipeline-utility-steps'
    - 'ws-cleanup'
    - 'prometheus'
    - 'saferestart'
    - 'notification'
  adminPassword: 'test1234'
  overwritePluginsFromImage: true
  # This Jenkins is configured and managed 'as code'.
  JCasC:
    configScripts:
      welcome-message: |
        jenkins:
          systemMessage: "Welcome to the server."
  resources:
    requests:
      cpu: "1000m"
      memory: "4096Mi"
    limits:
      cpu: "3000m"
      memory: "12288Mi"
Deploy it to OpenShift:
helm install -f jenkins-helm.yaml jenkins-test jenkinsci/jenkins
Anything else we need to know:
Updated Docker file fixes the issue:
FROM docker://docker.io/jenkins/jenkins:lts
USER root
RUN mkdir /.cache && chmod -Rf g+ws /.cache
Now when I put the updated image as the image to the helm values file it works!
Hi, any updates on this?
Hi,
Not really a bug of the chart or Jenkins image. Permissions are just more strict on OpenShift/OKD.
You can use environment variables of the initContainer, which are used by the plugin-installation-manager-tool, to download and cache plugins to a writable location.
For example
initContainerEnv:
  - name: CACHE_DIR
    value: "/tmp/cache"
  - name: PLUGIN_DIR
    value: "/tmp/plugins"
CF : https://github.com/jenkinsci/plugin-installation-manager-tool#advanced-configuration
Best regards,
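An added example, not part of the thread and not code from the chart or the plugin-installation-manager-tool: a preflight that can be run inside the init container to see whether the directories named by CACHE_DIR and PLUGIN_DIR (or /.cache, the path from the stack trace, when CACHE_DIR is unset) can be created by the UID and groups the pod actually runs with. The function names and the `check` argument are made up for this example.

```shell
#!/bin/sh
# Added example. Checks whether the directories the init container will use
# can be created by the UID/GIDs the pod really runs with.

# Print the nearest ancestor of $1 that already exists (or $1 itself).
nearest_existing() {
    p=$1
    while [ ! -e "$p" ]; do
        parent=$(dirname "$p")
        [ "$parent" = "$p" ] && break    # reached / or .
        p=$parent
    done
    printf '%s\n' "$p"
}

# Return 0 if the current user could create directory $1, or can already
# write to and enter it.
creatable() {
    base=$(nearest_existing "$1")
    [ -d "$base" ] && [ -w "$base" ] && [ -x "$base" ]
}

# Check CACHE_DIR and PLUGIN_DIR. An unset CACHE_DIR is checked as /.cache,
# the path from the stack trace in this issue; an unset PLUGIN_DIR is skipped.
preflight() {
    rc=0
    for var in CACHE_DIR PLUGIN_DIR; do
        eval "dir=\${$var:-}"
        [ "$var" = CACHE_DIR ] && [ -z "$dir" ] && dir=/.cache
        [ -z "$dir" ] && continue
        if creatable "$dir"; then
            echo "ok    $var=$dir (under $(nearest_existing "$dir"))"
        else
            echo "FAIL  $var=$dir: uid=$(id -u) groups=$(id -G)" \
                 "cannot write $(nearest_existing "$dir")"
            rc=1
        fi
    done
    return $rc
}

# Run the check only when called as: sh preflight.sh check
if [ "${1:-}" = check ]; then preflight; fi
```

On OpenShift the groups printed in a FAIL line normally include 0, which is why making /.cache group-writable in the image, as in the Dockerfile above, also resolves the error.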
@jonesbusy Hi. This helps. Thank you for the solution. The issue can be closed.
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Any further update will cause the issue/pull request to no longer be considered stale. Thank you for your contributions.