Changing user/group causes strange NoSuchFileException
vrmerlin opened this issue · 5 comments
Jenkins and plugins versions report
Environment
Paste the output here
What Operating System are you using (both controller, and any agents involved in the problem)?
Linux/Kubernetes
Reproduction steps
I'm attempting to install the Jenkins Helm chart to our Kubernetes cluster. I'd like Jenkins to run as a particular user and group. I am adding the following to my values.yaml file:
controller:
podSecurityContextOverride:
runAsUser: 446
runAsGroup: 245
fsGroup: 446
fsGroup: 446
runAsUser: 446
runAsGroup: 245
serviceAccount: jenkins-admin
containerSecurityContext:
runAsUser: 446
runAsGroup: 245
readOnlyRootFilesystem: false
allowPrivilegeEscalation: true
Expected Results
I'm expecting the pod/containers to run as user 446 and group 245, and create all the appropriate files in storage I've also declared (through a PersistentVolumeClaim).
The Jenkins application should start and all Jenkins home content should be initialized properly (i.e. the UID/GID should be correct).
Actual Results
The pod starts, and I see an init container. I can verify that the container is creating several files correctly:
-rw-r--r-- 1 cm-nif cm1 120 Jun 14 16:30 plugins.txt
-rw-r--r-- 1 cm-nif cm1 8 Jun 14 16:30 jenkins.install.InstallUtil.lastExecVersion
-rw-r--r-- 1 cm-nif cm1 8 Jun 14 16:30 jenkins.install.UpgradeWizard.state
The user/group permissions are being done correctly. BUT, the init container crashes, throwing this error:
Will use war file: /usr/share/jenkins/jenkins.war
Retrieving update center information
java.io.UncheckedIOException: java.nio.file.NoSuchFileException: ?/.cache
at io.jenkins.tools.pluginmanager.impl.CacheManager.createCache(CacheManager.java:48)
at io.jenkins.tools.pluginmanager.impl.PluginManager.getUCJson(PluginManager.java:843)
at io.jenkins.tools.pluginmanager.impl.PluginManager.start(PluginManager.java:225)
at io.jenkins.tools.pluginmanager.impl.PluginManager.start(PluginManager.java:189)
at io.jenkins.tools.pluginmanager.cli.Main.main(Main.java:52)
Caused by: java.nio.file.NoSuchFileException: ?/.cache
at java.base/sun.nio.fs.UnixException.translateToIOException(UnixException.java:92)
at java.base/sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:111)
at java.base/sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:116)
at java.base/sun.nio.fs.UnixFileSystemProvider.createDirectory(UnixFileSystemProvider.java:389)
at java.base/java.nio.file.Files.createDirectory(Files.java:690)
at io.jenkins.tools.pluginmanager.impl.CacheManager.createCache(CacheManager.java:43)
... 4 more
java.nio.file.NoSuchFileException: ?/.cache
Anything else?
No response
You would also need to rebuild the docker image change the uid and gid
You would also need to rebuild the docker image change the uid and gid
I shouldnt-- that's what the Helm chart values.yaml is for. And it's clearly setting permissions correctly, except for this cache.
That user doesn't exist in the container though so will cause problems as far as I know
Similar to this jenkinsci/helm-charts#506
If you change the UID/GUI you need to ensure to have write access to directories the plugin-installation-manager use
Similar to this jenkinsci/helm-charts#506
If you change the UID/GUI you need to ensure to have write access to directories the plugin-installation-manager use
I do have write access though, as demonstrated by the three files shown above that are being created by Jenkins on startup. It gets that far, but then fails on the cache creation. That's the problem.