Jenkins Pipelines: run steps as specific user

Time:07-01

I need help, have been spinning my wheels for hours with no progress. Here is my deal: I have an existing buildbox that uses cronjobs to execute local ansible playbooks. These ansible playbooks execute build scripts provided by another team.

Everything I need is on the buildbox. My goal is to spin up Jenkins, mount the directory where everything runs from currently and get Jenkins to trigger jobs instead of cronjob.

I successfully have configured a Dockerfile and casc.yaml to spin up a Jenkins container. Jenkins is currently set to run as root, which I will change later. I need to run build jobs under a specific service account, thebuilder, which is already on the system, so that I don't need to mess around with the current pipeline. Odd thing is that when I sudo -u user -l and perform commands with ~, the output always references the root home directory.

So far for my testing, I am only running a few of the initial commands until I get this working, then I will implement the rest.

Jenkins startup command:

sudo docker run --name jenkins_dev --rm -v /opt/home/thebuilder/p4:/opt/home/thebuilder/p4 -p 8080:8080 jenkins:jenkins_dev

My Script:

pipeline {
    agent any
    stages {
        stage ('Account: Create thebuilder user') {
            steps {
                sh "grep thebuilder /etc/passwd || useradd -m -d /opt/home/thebuilder thebuilder"
            }
        }
        stage ('Check dir') {
            steps {
                sh "sudo -u thebuilder -i ls ~"
            }
        }
        stage ('P4 Login') {
            steps {
                sh "sudo -u thebuilder -i export P4CONFIG=~/.p4settings-builds; sudo -u thebuilder -i /bin/p4 login < ~/.p4p"
            }
        }
    }
}

Output:

Started by user Doe, John
Running as Doe, John
[Pipeline] Start of Pipeline
[Pipeline] node
Running on Jenkins in /var/jenkins_home/jobs/Builds/jobs/Builds2022/workspace
[Pipeline] {
[Pipeline] stage
[Pipeline] { (Account: Create thebuilder user)
[Pipeline] sh
  grep thebuilder /etc/passwd
thebuilder:x:1001:1001::/opt/home/thebuilder:/bin/bash
[Pipeline] }
[Pipeline] // stage
[Pipeline] stage
[Pipeline] { (Check dir)
[Pipeline] sh
  sudo -u thebuilder -i ls /root
ls: cannot open directory /root: Permission denied
[Pipeline] }
[Pipeline] // stage
[Pipeline] stage
[Pipeline] { (P4 Login)
Stage "P4 Login" skipped due to earlier failure(s)
[Pipeline] }
[Pipeline] // stage
[Pipeline] }
[Pipeline] // node
[Pipeline] End of Pipeline
ERROR: script returned exit code 2
Finished: FAILURE

I have also tried to use the full home path /opt/home/thebuilder instead of ~ but that makes little difference.

I have scoured the internet, but I keep landing on how to run Jenkins under another user and not a specific job.

I came across 3 possible solutions:

  1. use sudo, which doesn't seem to work
  2. use build user vars plugin, which I can't figure out how to plug into my script
  3. use Jenkins agents to run/ssh under desired user, which I haven't tried yet

I should point out that I created a freestyle job that pointed to an ansible playbook in the same directory and it executed fine. So the mount and permissions are not an issue.

I hope I have provided enough context here.

Sorry for all the long text.

Help is greatly appreciated.
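
Added example (not part of the original post or the answer): the log above shows the step running `ls /root`, because the shell that Jenkins starts as root expands `~` before `sudo` switches users. The sketch below reproduces that, and the same effect on the `export` / `<` line, without needing sudo. `as_builder`, `demo_setup` and the temp-directory layout are assumptions, with `as_builder` standing in for `sudo -u thebuilder -H`.

```shell
#!/bin/sh
# Constructed demo of the quoting problem visible in the pipeline log above.
# as_builder is a hypothetical stand-in for `sudo -u thebuilder -H "$@"`:
# it runs a command with HOME set to the target account's home directory.
# `cat` stands in for `/bin/p4 login`, which reads the password from stdin.

demo_setup() {
    DEMO=$(mktemp -d)
    mkdir "$DEMO/root" "$DEMO/thebuilder"
    echo "root-password" > "$DEMO/root/.p4p"          # constructed sample data
    echo "builder-password" > "$DEMO/thebuilder/.p4p" # constructed sample data
    unset P4CONFIG
}

as_builder() { env HOME="$DEMO/thebuilder" "$@"; }

# As in the pipeline: the calling (root) shell expands ~ before the user switch.
broken_ls() ( HOME="$DEMO/root"; as_builder echo ~ )

# Quoted: ~ reaches the child shell untouched and is expanded with the new HOME.
fixed_ls() ( HOME="$DEMO/root"; as_builder sh -c 'echo ~' )

# As in the pipeline: export runs in one child that exits, and the redirect
# is opened by the calling shell, so the second child reads root's file.
broken_login() (
    HOME="$DEMO/root"
    as_builder sh -c 'export P4CONFIG=~/.p4settings-builds'
    as_builder sh -c 'echo "${P4CONFIG:-unset}"; cat' < ~/.p4p
)

# One child shell does the export, the redirect and the command.
fixed_login() (
    HOME="$DEMO/root"
    as_builder sh -c 'export P4CONFIG="$HOME/.p4settings-builds"
                      echo "$P4CONFIG"; cat < ~/.p4p'
)

demo_setup
echo "broken ls:    $(broken_ls)"
echo "fixed ls:     $(fixed_ls)"
echo "broken login: $(broken_login | tr '\n' ' ')"
echo "fixed login:  $(fixed_login | tr '\n' ' ')"
rm -rf "$DEMO"
```

In a Jenkinsfile the quoted form would go inside a single-quoted Groovy string, since a double-quoted one would try to interpolate `$HOME` itself.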

CodePudding user response:

Run the Jenkins job on the target machine of the respective user. Hope this helps you. Ref: https://plugins.jenkins.io/ssh-agent/
