If this is of use to anybody else, I was able to workaround this implementation problem in the jenkinsci/docker with the following:
FROM jenkins:2.19.4 ARG user=jenkins ARG group=jenkins ARG olduid=1000 ARG oldgid=1000 ARG uid ARG gid ENV JENKINS_HOME /var/lib/jenkins ENV COPY_REFERENCE_FILE_LOG $JENKINS_HOME/copy_reference_file.log USER root RUN usermod -u $uid $user RUN usermod -d /var/lib/jenkins $user RUN groupmod -g $gid $group RUN usermod -g $gid $group RUN find / -path /proc -prune -o -group $oldgid -print | xargs chgrp -hv $group RUN find / -path /proc -prune -o -user $olduid -print | xargs chown -hv $user RUN cp -R /var/jenkins_home /var/lib/jenkins RUN chown -R $user:$group /var/lib/jenkins VOLUME /var/lib/jenkins USER $user And building with `--build-args uid=$(id -u) --build-args gid=$(id -g)` This isn't pretty, and I'm not entirely sure that it's the way I want to do it. Cloning the entire jenkinsci/docker repo and setting these build args directly seems like a better option. On Wednesday, 4 January 2017 17:05:56 UTC, Barry Laffoy wrote: > > Dirk Heinrichs' comments have made me realise that this problem goes both > ways. Since my host has a user with uid 1000, the data volume on the host > at, say, > /var/lib/docker/volumes/6a70b50dc1c6d201bd772e8d4bf8cb17d9668fbed0661e27b5fcf7d6b7847070/_data > > is actually owned by that host user. > > What I need to be doing is building the jenkinsci/docker image with > "--build-arg uid=$(id -u) --build-arg gid=$(id -g)" to match the container > to the host user. > > On Wednesday, 4 January 2017 08:51:41 UTC, Barry Laffoy wrote: >> >> Aha, I understand what you're saying now. There is such a user on both >> the development and the production hosts I'm using, unfortunately. I'll >> investigate what can be done to change that. >> >> On Wednesday, 4 January 2017 08:44:45 UTC, Dirk Heinrichs wrote: >>> >>> Am 04.01.2017 um 09:35 schrieb Barry Laffoy: >>> >>> Thanks for the response, but I think I must be missing a trick because I >>> don't know what you're getting at. >>> >>> If say, the uid of the host user is 1005, and the uid of the container's >>> jenkins user is 1000, these clearly don't match. I would need to set the >>> uid of the user in the container to 1005 in order to let it use the mounted >>> keys, >>> >>> >>> You just need to make sure that the host dir is owned by the correct >>> uid/gid pair (the one that matches your jenkins user inside the container). >>> There's no need to also have that user on the host, too (although you can, >>> but then their uid/gid should simply match). I'd just make sure there's no >>> user on the host with the same uid/gid pair. This way, only root on the >>> host and the jenkins user inside the container will have access to the keys. >>> >>> HTH... >>> >>> Dirk >>> -- >>> *Dirk Heinrichs* >>> Senior Systems Engineer, Delivery Pipeline >>> OpenTextTM Discovery | Recommind >>> *Email*: [email protected] >>> *Website*: www.recommind.de >>> >>> Recommind GmbH, Von-Liebig-Straße 1, 53359 Rheinbach >>> >>> Vertretungsberechtigte Geschäftsführer John Marshall Doolittle, Gordon >>> Davies, Roger Illing, Registergericht Amtsgericht Bonn, Registernummer HRB >>> 10646 >>> >>> This e-mail may contain confidential and/or privileged information. If >>> you are not the intended recipient (or have received this e-mail in error) >>> please notify the sender immediately and destroy this e-mail. Any >>> unauthorized copying, disclosure or distribution of the material in this >>> e-mail is strictly forbidden >>> >>> Diese E-Mail enthält vertrauliche und/oder rechtlich geschützte >>> Informationen. Wenn Sie nicht der richtige Adressat sind oder diese E-Mail >>> irrtümlich erhalten haben, informieren Sie bitte sofort den Absender und >>> vernichten Sie diese Mail. Das unerlaubte Kopieren sowie die unbefugte >>> Weitergabe dieser Mail sind nicht gestattet. >>> >>> www.recommind.com >>> >> -- You received this message because you are subscribed to the Google Groups "Jenkins Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/f7e97815-30ca-4b95-8b14-e5c6c8154bb7%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
