我正在docker中运行Jenkins实例,并使用docker-compose在 RHEL 7.7主机
上启动了该实例docker版本:Docker 1.13.1版,内部版本64e9980 / 1.13.1
docker撰写文件
version: "3.5"
services:
jenkins:
image: jenkins:2.251-slim
container_name: jenkins
privileged: true
user: 1000:2020
ports:
- "8000:8080"
- "50000:50000"
volumes:
- /var/run/docker.sock:/var/run/docker.sock # Expose the docker daemon in the container
- ./jenkins:/var/jenkins_home:rwz # Jenkins workspace
networks:
- backend
networks:
backend:
name: sup_bridge
driver: "bridge"
我最初遇到的问题是jenkins无法访问已挂载的./jenkins目录,后来发现selinux在我的计算机中处于强制状态
cat /etc/selinux/config
SELINUX=enforcing
SELINUXTYPE=targeted
通过在jenkins home的卷装载中添加:rwz来解决该问题
Jenkins现在工作正常,能够安装插件,并且我创建了多分支管道,
在分支中包含Jenkinsfile的管道阶段,
# Jenkinsfile
pipeline {
agent none
triggers {
cron('25 */4 * * *')
}
stages {
stage('Download Data') {
agent {
docker {
image 'sup:python-3.6-slim'
args '--network=sup_bridge'
}
}
steps {
withCredentials([
usernamePassword(credentialsId: 'stgapi-username-pass', passwordVariable: 'pass', usernameVariable: 'user'),
usernamePassword(credentialsId: 'user-git-creds', usernameVariable: 'gituser', passwordVariable: 'gitpass'),
usernamePassword(credentialsId: 'mongo-connection-url', usernameVariable: 'mongo', passwordVariable: 'mongo_url'),
]) {
// the code in here can access $pass and $user
sh 'git config --global credential.helper store'
// to access and install some pip libraries from private hosted git server
// $gitpass is of format https://user:pass@gitserver.com
sh 'echo "$gitpass" > ~/.git-credentials'
sh 'python --version'
sh 'pip install -r requirements.txt'
sh 'export username=$user && export password=$pass && export mongo_database="test" && export mongo_connection=$mongo_url && python runner.py'
}
}
}
}
}
当我在该分支上触发Jenkins构建时,它使容器摇摇欲坠,但挂在执行脚本上,并且超时了,
Jenkins构建控制台输出,
...
...
...
[Pipeline] withEnv
[Pipeline] {
[Pipeline] isUnix
[Pipeline] sh
+ docker inspect -f . sup:python-3.6-slim
.
[Pipeline] withDockerContainer
Jenkins seems to be running inside container d35f65a438579849028b27162bbd30067992b2fce2561d0efa65e2a4cca4a462
$ docker run -t -d -u 1000:2020 --network=sup_bridge -w /var/jenkins_home/workspace/hon-scripts_release_demo-scripts --volumes-from d35f65a438579849028b27162bbd30067992b2fce2561d0efa65e2a4cca4a462 -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** sup:python-3.6-slim cat
$ docker top 99cdb9d0b568fa04db05606dd47db42d5af3eb051ae8df7f18bcf98966453276 -eo pid,comm
[Pipeline] {
[Pipeline] withCredentials
Masking supported pattern matches of $user or $pass or $svcStgUser or $svcStgPass or $mongo or $mongo_url
[Pipeline] {
[Pipeline] sh
process apparently never started in /var/jenkins_home/workspace/hon-scripts_release_demo-scripts@tmp/durable-edbff6e4
(running Jenkins temporarily with -Dorg.jenkinsci.plugins.durabletask.BourneShellScript.LAUNCH_DIAGNOSTICS=true might make the problem clearer)
[Pipeline] }
[Pipeline] // withCredentials
[Pipeline] }
$ docker stop --time=1 99cdb9d0b568fa04db05606dd47db42d5af3eb051ae8df7f18bcf98966453276
$ docker rm -f 99cdb9d0b568fa04db05606dd47db42d5af3eb051ae8df7f18bcf98966453276
[Pipeline] // withDockerContainer
[Pipeline] }
[Pipeline] // withEnv
[Pipeline] }
[Pipeline] // node
[Pipeline] }
[Pipeline] // stage
[Pipeline] End of Pipeline
ERROR: script returned exit code -2
Finished: FAILURE
我尝试在容器运行时登录到该容器,并且在运行ls时出现权限拒绝错误,
root@storage:/root $ docker exec -ti 99cdb9d0b568fa04db05606dd47db42d5af3eb051ae8df7f18bcf98966453276 bash
I have no name!@99cdb9d0b568:/var/jenkins_home/workspace/hon-scripts_release_demo-scripts$ ls
ls: cannot open directory '.': Permission denied
I have no name!@99cdb9d0b568:/var/jenkins_home/workspace/hon-scripts_release_demo-scripts$
在Jenkins容器中,我看到一切都很好,
root@storage:/root $ docker exec -ti jenkins bash
jenkins@d35f65a43857:/$ ls -l /var/jenkins_home/workspace/hon-scripts_release_demo-scripts
total 24
-rw-r--r--. 1 jenkins 2020 1171 Aug 22 06:40 Dockerfile
-rw-r--r--. 1 jenkins 2020 1231 Aug 23 06:37 Jenkinsfile
-rw-r--r--. 1 jenkins 2020 107 Aug 21 16:25 README.md
-rw-r--r--. 1 jenkins 2020 100 Aug 21 16:25 requirements.txt
-rw-r--r--. 1 jenkins 2020 2672 Aug 21 16:25 runner.py
-rw-r--r--. 1 jenkins 2020 9 Aug 21 16:25 xio-list.txt
jenkins@d35f65a43857:/$ id jenkins
uid=1000(jenkins) gid=1000(jenkins) groups=1000(jenkins)
jenkins@d35f65a43857:/$
容器详细信息,
root@storage:/apps/sup-docker-files $ docker inspect jenkins
[
{
"Id": "d35f65a438579849028b27162bbd30067992b2fce2561d0efa65e2a4cca4a462",
"Created": "2020-08-21T16:01:26.975885118Z",
"Path": "/sbin/tini",
"Args": [
"--",
"/usr/local/bin/jenkins.sh"
],
"State": {
"Status": "running",
"Running": true,
"Paused": false,
"Restarting": false,
"OOMKilled": false,
"Dead": false,
"Pid": 42107,
"ExitCode": 0,
"Error": "",
"StartedAt": "2020-08-23T06:42:15.242777419Z",
"FinishedAt": "2020-08-23T06:42:14.725898361Z"
},
"Image": "sha256:d5b43f2e4e274587e35c9a96c4a7126e8a038526179e33e03eca15885b6ea86d",
"ResolvConfPath": "/var/lib/docker/containers/d35f65a438579849028b27162bbd30067992b2fce2561d0efa65e2a4cca4a462/resolv.conf",
"HostnamePath": "/var/lib/docker/containers/d35f65a438579849028b27162bbd30067992b2fce2561d0efa65e2a4cca4a462/hostname",
"HostsPath": "/var/lib/docker/containers/d35f65a438579849028b27162bbd30067992b2fce2561d0efa65e2a4cca4a462/hosts",
"LogPath": "",
"Name": "/jenkins",
"RestartCount": 0,
"Driver": "overlay2",
"MountLabel": "",
"ProcessLabel": "",
"AppArmorProfile": "",
"ExecIDs": [
"a0cec19243e66453ebd98bd56080227c4b84ea7008f988463c109404192a0468"
],
"HostConfig": {
"Binds": [
"/apps/sup-docker-files/jenkins:/var/jenkins_home:rw",
"/var/run/docker.sock:/var/run/docker.sock:rw"
],
"ContainerIDFile": "",
"LogConfig": {
"Type": "journald",
"Config": {}
},
"NetworkMode": "sup_bridge",
"PortBindings": {
"50000/tcp": [
{
"HostIp": "",
"HostPort": "50000"
}
],
"8080/tcp": [
{
"HostIp": "",
"HostPort": "8000"
}
]
},
"RestartPolicy": {
"Name": "",
"MaximumRetryCount": 0
},
"AutoRemove": false,
"VolumeDriver": "",
"VolumesFrom": [],
"CapAdd": null,
"CapDrop": null,
"Dns": null,
"DnsOptions": null,
"DnsSearch": null,
"ExtraHosts": null,
"GroupAdd": null,
"IpcMode": "",
"Cgroup": "",
"Links": null,
"OomScoreAdj": 0,
"PidMode": "",
"Privileged": true,
"PublishAllPorts": false,
"ReadonlyRootfs": false,
"SecurityOpt": [
"label=disable"
],
"UTSMode": "",
"UsernsMode": "",
"ShmSize": 67108864,
"Runtime": "docker-runc",
"ConsoleSize": [
0,
0
],
"Isolation": "",
"CpuShares": 0,
"Memory": 0,
"NanoCpus": 0,
"CgroupParent": "",
"BlkioWeight": 0,
"BlkioWeightDevice": null,
"BlkioDeviceReadBps": null,
"BlkioDeviceWriteBps": null,
"BlkioDeviceReadIOps": null,
"BlkioDeviceWriteIOps": null,
"CpuPeriod": 0,
"CpuQuota": 0,
"CpuRealtimePeriod": 0,
"CpuRealtimeRuntime": 0,
"CpusetCpus": "",
"CpusetMems": "",
"Devices": null,
"DiskQuota": 0,
"KernelMemory": 0,
"MemoryReservation": 0,
"MemorySwap": 0,
"MemorySwappiness": -1,
"OomKillDisable": false,
"PidsLimit": 0,
"Ulimits": null,
"CpuCount": 0,
"CpuPercent": 0,
"IOMaximumIOps": 0,
"IOMaximumBandwidth": 0
},
"GraphDriver": {
"Name": "overlay2",
"Data": {
"LowerDir": "/var/lib/docker/overlay2/ab66e81361bde255fbc1f1c07b0491bc50e5d0089bb50de7663ae76eec30e93c-init/diff:/var/lib/docker/overlay2/9399117d0334821a325394fb4400e506a3c95342b9f84f627bae7fc0f00c557b/diff:/var/lib/docker/overlay2/4ee0450a85bb94883d86217e6e477a058d78a1894883b49e76822fcac42d1fef/diff:/var/lib/docker/overlay2/955d3e785ce494c24230c829cba6d55ad30d24066b78473f688d14a33d86c51d/diff:/var/lib/docker/overlay2/68fb301072578685f05f722644ccbc96d686e2f5cf3df8fa49acc2242997cc4b/diff:/var/lib/docker/overlay2/7beae213d72e90260c6950dc7b46a61a9d8b0292dc7ce239fbe65a250604b8c7/diff:/var/lib/docker/overlay2/23b8c42f4af72826fc4fe4902772017887f8e24b2d52d7d552c9d65cb8f3c201/diff:/var/lib/docker/overlay2/a1f6e6ed7ce0c49cddea5366cb6cf93cf08fd53e4bb627b5ec265e8b633d552d/diff:/var/lib/docker/overlay2/135017c88a16e2771b2fd1a7258a4fd363d9415721c429539ef3f5ffc188ff95/diff:/var/lib/docker/overlay2/eb5df73b4cefe9363beaefb685554b171209d272154153e74d9ca3320cf25bd6/diff:/var/lib/docker/overlay2/800ac38cf9d797c5aedf8fcf9d31fa20b0d62a1befe43fa1101db0991a840426/diff:/var/lib/docker/overlay2/23b8c68e4587d1d17236ac90e5bc27fe42729017fafc5ee21a6111db93130d15/diff:/var/lib/docker/overlay2/cd365484f184147b216fa2958669bfa1a3fc46195dce1f47a241d38300687dfe/diff:/var/lib/docker/overlay2/fd0c78be3c352634fcbede164a69896bfa519e735610687e0acd4d599cdb821b/diff:/var/lib/docker/overlay2/2737db6b73657fb25875155997c28cbca39a62ae6a41e97fa0bd01c5ac568a5d/diff:/var/lib/docker/overlay2/772ab50e1dbb08318e95799450953a7bbb262e71f78e7dc9eb2ed27dda217bc6/diff:/var/lib/docker/overlay2/df7f9928a06fdb680d56b1c47c58c4d0af8e2b94749a9da327c84e180b4b1906/diff",
"MergedDir": "/var/lib/docker/overlay2/ab66e81361bde255fbc1f1c07b0491bc50e5d0089bb50de7663ae76eec30e93c/merged",
"UpperDir": "/var/lib/docker/overlay2/ab66e81361bde255fbc1f1c07b0491bc50e5d0089bb50de7663ae76eec30e93c/diff",
"WorkDir": "/var/lib/docker/overlay2/ab66e81361bde255fbc1f1c07b0491bc50e5d0089bb50de7663ae76eec30e93c/work"
}
},
"Mounts": [
{
"Type": "bind",
"Source": "/apps/sup-docker-files/jenkins",
"Destination": "/var/jenkins_home",
"Mode": "rw",
"RW": true,
"Propagation": "rprivate"
},
{
"Type": "bind",
"Source": "/var/run/docker.sock",
"Destination": "/var/run/docker.sock",
"Mode": "rw",
"RW": true,
"Propagation": "rprivate"
}
],
"Config": {
"Hostname": "d35f65a43857",
"Domainname": "",
"User": "1000:2020",
"AttachStdin": false,
"AttachStdout": false,
"AttachStderr": false,
"ExposedPorts": {
"50000/tcp": {},
"8080/tcp": {}
},
"Tty": false,
"OpenStdin": false,
"StdinOnce": false,
"Env": [
"PATH=/usr/local/openjdk-8/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
"LANG=C.UTF-8",
"JAVA_HOME=/usr/local/openjdk-8",
"JAVA_VERSION=8u265",
"JENKINS_HOME=/var/jenkins_home",
"JENKINS_SLAVE_AGENT_PORT=50000",
"REF=/usr/share/jenkins/ref",
"JENKINS_VERSION=2.251",
"JENKINS_UC=https://updates.jenkins.io",
"JENKINS_UC_EXPERIMENTAL=https://updates.jenkins.io/experimental",
"JENKINS_INCREMENTALS_REPO_MIRROR=https://repo.jenkins-ci.org/incrementals",
"COPY_REFERENCE_FILE_LOG=/var/jenkins_home/copy_reference_file.log"
],
"Cmd": null,
"Image": "hub.docker.prod.walmart.com/jenkins/jenkins:2.251-slim",
"Volumes": {
"/var/jenkins_home": {},
"/var/run/docker.sock": {}
},
"WorkingDir": "",
"Entrypoint": [
"/sbin/tini",
"--",
"/usr/local/bin/jenkins.sh"
],
"OnBuild": null,
"Labels": {
"com.docker.compose.config-hash": "8262323b7455e26e006d5a9622c59c762a8ee8ac5d7abec9f08a75af879ff6f7",
"com.docker.compose.container-number": "1",
"com.docker.compose.oneoff": "False",
"com.docker.compose.project": "sup-docker-files",
"com.docker.compose.service": "jenkins",
"com.docker.compose.version": "1.21.2"
}
},
"NetworkSettings": {
"Bridge": "",
"SandboxID": "0bdefa52a1fdc80b96879599f5c972af9d14773ab53559de1d0130470a13dd51",
"HairpinMode": false,
"LinkLocalIPv6Address": "",
"LinkLocalIPv6PrefixLen": 0,
"Ports": {
"50000/tcp": [
{
"HostIp": "0.0.0.0",
"HostPort": "50000"
}
],
"8080/tcp": [
{
"HostIp": "0.0.0.0",
"HostPort": "8000"
}
]
},
"SandboxKey": "/var/run/docker/netns/0bdefa52a1fd",
"SecondaryIPAddresses": null,
"SecondaryIPv6Addresses": null,
"EndpointID": "",
"Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"IPAddress": "",
"IPPrefixLen": 0,
"IPv6Gateway": "",
"MacAddress": "",
"Networks": {
"sup_bridge": {
"IPAMConfig": null,
"Links": null,
"Aliases": [
"jenkins",
"d35f65a43857"
],
"NetworkID": "853e635af231810586eec328f0a6175355095af839e2ea67ba298e3d08df96a9",
"EndpointID": "395e46f06194676038287a9e4364bc6466ace54ab81eb5cd28c6a6a7ee613ea8",
"Gateway": "172.19.0.1",
"IPAddress": "172.19.0.2",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"MacAddress": "02:42:ac:13:00:02"
}
}
}
}
]
root@storage:/apps/sup-docker-files $
sup:python-3.6-slim的Docker文件
# https://www.debian.org/releases/buster/ - Debian buster
FROM python:3.6-slim
# Installing the required packages
RUN apt-get update \
&& apt-get install -yq git \
&& apt-get autoremove \
&& apt-get clean \
&& rm -rf /var/lib/apt
# upgrading pip to latest version
RUN pip install --upgrade pip
我的Macbook上的相同设置运行正常,没有任何问题,并按预期完成了工作。
由于安全原因,我无法禁用selinux。
请帮帮我!