I need help, have been spinning my wheels for hours with no progress. Here is my deal: I have an existing buildbox that uses cronjobs to execute local ansible playbooks. These ansible playbooks execute build scripts provided by another team.
Everything I need is on the buildbox. My goal is to spin up Jenkins, mount the directory where everything runs from currently and get Jenkins to trigger jobs instead of cronjob.
I successfully have configured a Dockerfile and casc.yaml to spin up a Jenkins container. Jenkins is currently set to run as root, which I will change later. I need to run build jobs under a specific service account thebuilder which is already on the system so that I don't need to mess around with the current pipeline. Odd thing is that when I sudo -u user -l and perform commands with ~, the output always references the root home directory.
So far for my testing, I am only running a few of the initial commands until I get this working, then I will implement the rest.
Jenkins startup command:
    sudo docker run --name jenkins_dev --rm -v /opt/home/thebuilder/p4:/opt/home/thebuilder/p4 -p 8080:8080 jenkins:jenkins_dev
My Script:
    pipeline {
        agent any
        stages {
            stage ('Account: Create thebuilder user') {
                steps {
                    sh "grep thebuilder /etc/passwd || useradd -m -d /opt/home/thebuilder thebuilder"
                }
            }
            stage ('Check dir') {
                steps {
                    sh "sudo -u thebuilder -i ls ~"
                }
            }
            stage ('P4 Login') {
                steps {
                    sh "sudo -u thebuilder -i export P4CONFIG=~/.p4settings-builds; sudo -u thebuilder -i /bin/p4 login < ~/.p4p"
                }
            }
        }
    }
Output:
Started by user Doe, John
Running as Doe, John
[Pipeline] Start of Pipeline
[Pipeline] node
Running on Jenkins in /var/jenkins_home/jobs/Builds/jobs/Builds2022/workspace
[Pipeline] {
[Pipeline] stage
[Pipeline] { (Account: Create thebuilder user)
[Pipeline] sh
grep thebuilder /etc/passwd
thebuilder:x:1001:1001::/opt/home/thebuilder:/bin/bash
[Pipeline] }
[Pipeline] // stage
[Pipeline] stage
[Pipeline] { (Check dir)
[Pipeline] sh
sudo -u thebuilder -i ls /root
ls: cannot open directory /root: Permission denied
[Pipeline] }
[Pipeline] // stage
[Pipeline] stage
[Pipeline] { (P4 Login)
Stage "P4 Login" skipped due to earlier failure(s)
[Pipeline] }
[Pipeline] // stage
[Pipeline] }
[Pipeline] // node
[Pipeline] End of Pipeline
ERROR: script returned exit code 2
Finished: FAILURE
I have also tried to use the full home path /opt/home/thebuilder instead of ~ but that makes little difference.
I have scoured the internet, but I keep landing on how to run Jenkins under another user and not a specific job.
I came across 3 possible solutions:
- use sudo, which doesn't seem to work
- use build user vars plugin, which I can't figure out how to plug into my script
- use Jenkins agents to run/ssh under desired user, which I haven't tried yet
I should point out that I created a freestyle job that pointed to an ansible playbook in the same directory and it executed fine. So the mount and permissions are not an issue.
I hope I have provided enough context here.
Sorry for all the long text.
Help is greatly appreciated.
CodePudding user response:
Run the Jenkins job on the target machine of the respective user. Hope this helps you. Ref: https://plugins.jenkins.io/ssh-agent/
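
The pipeline log in the question shows `ls ~` reaching sudo as `ls /root`. The following is an added example, not part of the original thread, showing why: the shell that starts sudo expands `~`, evaluates `<` redirects and splits on `;` before the other account is involved. It assumes `env HOME=...` as a stand-in for `sudo -u thebuilder -i` so it runs without sudo or the account; the temporary directory and the `.p4p` contents are constructed.

```shell
#!/bin/sh
# Constructed demo. `env HOME=...` stands in for `sudo -u thebuilder -i`
# (assumption), so no sudo and no thebuilder account are needed.
unset P4CONFIG
BUILDER_HOME=$(mktemp -d)                      # stand-in for /opt/home/thebuilder
echo 'constructed-ticket' > "$BUILDER_HOME/.p4p"   # constructed sample file

# 1. Unquoted ~ is expanded by the CALLING shell (root inside the Jenkins
#    container) before the child process starts, so the child is handed
#    the caller's home directory as a plain argument.
tilde_outer() {
    env HOME="$BUILDER_HOME" echo ~
}

# 2. Single-quoted and passed to a shell running in the child, ~ is
#    expanded there, against the child's HOME.
tilde_inner() {
    env HOME="$BUILDER_HOME" sh -c 'echo ~'
}

# 3. `A; B` is two separate children. A variable exported in the first
#    is gone when the second starts.
export_split() {
    env HOME="$BUILDER_HOME" sh -c 'P4CONFIG=~/.p4settings-builds; export P4CONFIG'
    env HOME="$BUILDER_HOME" sh -c 'echo "${P4CONFIG:-unset}"'
}

# 4. One child shell: the assignment, the ~ and the < redirect are all
#    evaluated inside it, with the child's HOME.
export_joined() {
    env HOME="$BUILDER_HOME" sh -c \
        'P4CONFIG=~/.p4settings-builds; export P4CONFIG
         echo "$P4CONFIG $(cat < ~/.p4p)"'
}

echo "outer : $(tilde_outer)"
echo "inner : $(tilde_inner)"
echo "split : $(export_split)"
echo "joined: $(export_joined)"
```

With sudo itself, the same single-child pattern is `sudo -u thebuilder -H sh -c '...'`, keeping the whole command inside single quotes so nothing is expanded by the root shell that the Jenkins `sh` step runs.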