
Jenkins docker agent pipeline without root

I have a Jenkinsfile with a very basic pipeline that spins up a docker container:

pipeline {

  agent { dockerfile { args '-u root' } }

  stages {
    stage('Test') {
      steps {
        echo 'Testing...'
        sh 'whoami'
      }
    }
  }
}

The problem is that the app I have set up inside my container is configured in such a way that it must run as its own user; running as root will cause the application to fail on startup. If I change my args to args '-u foo', I get errors after the container is built:

/var/lib/jenkins/workspace/*/*/jenkins-log.txt permission denied

This path exists inside both the container and the Jenkins server. I am having issues with the path inside the container. One of the files saved in that location is also a scripts.sh - Jenkins transcribes all the sh commands in the pipeline to that file and runs that file.

That puts me in a difficult spot - it seems as if Jenkins requires the container to be run as root to actually send any commands, or interact with anything inside the container, but the container will not build correctly unless I use foo.

Does anyone have any ideas on a good solution for this problem?

The trouble is that on Linux machines Docker mostly runs as root. Docker needs to run as root, otherwise it will have trouble with networking and stuff. So your Docker container is run by a root process and all files created will be created by the "root" enabled container.

Jenkins though mostly does not run as root and has therefore no rights to delete these files.

Possible solution:

  • Make sure that the files created in the volume (to local jenkins drive) have rights assigned to them that jenkins can work with

Hope I interpreted your question correctly and it helps...
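The permission mismatch discussed above can be checked before changing the pipeline. The following is an added example, not part of the original question or answer: a shell check that predicts whether the numeric UID/GID passed to `-u` can create files in a bind-mounted directory such as the Jenkins workspace. The function names and the demo directory are hypothetical, and it assumes GNU or BusyBox `stat -c`.

```shell
#!/bin/sh
# Added example: bind mounts keep the host's numeric owner and mode bits, so
# the UID inside the container is checked against them like any host process.
# Ignores ACLs, supplementary groups and user-namespace remapping.

# access_class DIR UID GID -> prints root | owner | group | other
access_class() {
  ac_owner=$(stat -c %u "$1") || return 2
  ac_group=$(stat -c %g "$1") || return 2
  if [ "$2" -eq 0 ]; then echo root
  elif [ "$2" -eq "$ac_owner" ]; then echo owner
  elif [ "$3" -eq "$ac_group" ]; then echo group
  else echo other
  fi
}

# can_write DIR UID GID -> exit 0 if that identity may create files in DIR
can_write() {
  cw_class=$(access_class "$1" "$2" "$3") || return 2
  cw_mode=$(stat -c %a "$1") || return 2
  cw_perm=$(( 0$cw_mode ))           # read the mode string as octal
  case $cw_class in
    root)  return 0 ;;                # root bypasses the mode bits
    owner) cw_need=$(( 0300 )) ;;     # write + search bits for the owner
    group) cw_need=$(( 0030 )) ;;     # same pair for the group
    other) cw_need=$(( 0003 )) ;;     # same pair for everyone else
  esac
  [ $(( cw_perm & cw_need )) -eq "$cw_need" ]
}

# Constructed demo: a 755 directory stands in for the Jenkins workspace, and
# a UID/GID that is neither its owner nor its group stands in for "foo".
demo_dir=$(mktemp -d)
chmod 755 "$demo_dir"
demo_uid=$(( $(stat -c %u "$demo_dir") + 1 ))
demo_gid=$(( $(stat -c %g "$demo_dir") + 1 ))
if can_write "$demo_dir" "$demo_uid" "$demo_gid"; then
  echo "uid $demo_uid can write to the workspace"
else
  echo "uid $demo_uid would get 'permission denied' in the workspace"
fi
rm -rf "$demo_dir"
```

On the Jenkins host, calling `can_write` with the workspace path and the output of `id -u foo` and `id -g foo` from inside the image shows whether the log and script files can be created without root.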
