Hi Tim, I have not run on Tectonic. However. I believe the issue is that the podTemplate / plugin does not support "runAsUser" (afaik). Using "runAsUser" would allow you to map the owner of the containerized build process to the user on the underlying host with docker access. Without "runAsUser" support, you probably could hack the jnlp-agent to run with the same UID as needed.
-Chris On Monday, January 8, 2018 at 8:37:19 PM UTC+2, Tim Zhukov wrote: > > Hi, > > Have anyone deployed a jenkins on CoreOs Tectonic? I'm experimenting with > a docker build container and I can't figure out how to run it as jenkins > user instead of root. I figured out that I need to give jenkins user access > to host's docker group, but before I start sshing on the node and such, I > was wondering if anyone has had experience with this. > > -- > Best > Tim Zhukov > > On Thu, Jan 4, 2018 at 1:22 PM, Vamsi krishna <vamsikri...@gmail.com > <javascript:>> wrote: > >> Hello all.... >> >> Local headers refused by remote: Authorization failure >> Jan 04, 2018 6:13:25 PM hudson.remoting.jnlp.Main$CuiListener status >> INFO: Protocol JNLP4-connect encountered an unexpected exception >> >> whats this error means... this is the logs error i am getting in my >> pod.. can anyone have idea.. i am thinking remote jnlp-4 is not accepting >> that container and the jnlp port issue i am guessing but not sure? any idea >> On Wednesday, January 3, 2018 at 9:38:52 AM UTC-8, Carlos Sanchez wrote: >>> >>> I don't think it is possible, a volumes field would need to be added to >>> KubernetesDeclarativeAgent >>> >>> https://github.com/jenkinsci/kubernetes-plugin/blob/master/src/main/java/org/csanchez/jenkins/plugins/kubernetes/pipeline/KubernetesDeclarativeAgent.java >>> >>> On Wed, Jan 3, 2018 at 4:46 PM, Tim Zhukov <zlan...@gmail.com> wrote: >>> >>>> Hey All, >>>> >>>> Is volume support still in development? I would like to use declarative >>>> syntax with k8s plugin, but our agent containers share persistence across >>>> pod with volume mounts. >>>> >>>> -- >>>> Best >>>> Tim Zhukov >>>> >>>> >>>> On Friday, September 22, 2017 at 12:11:28 PM UTC-4, Vincent Heet wrote: >>>>> >>>>> Hi Chris, >>>>> >>>>> No I didn't. I ended up rewriting my Jenkinsfile in the >>>>> non-declarative Groovy format which worked like a charm. >>>>> >>>>> Greetings, Vincent >>>>> >>>>> On Friday, September 22, 2017 at 11:29:40 AM UTC+2, Chris Willmore >>>>> wrote: >>>>>> >>>>>> Hey Vincent - did you ever give this a try? I'm looking at doing this >>>>>> now and was wondering if you ran into any blockers. >>>>>> -Chris >>>>>> >>>>>> On Thursday, August 10, 2017 at 1:03:46 PM UTC+3, Vincent Heet wrote: >>>>>>> >>>>>>> Ok so maybe i'm able to add this myself next week. I looked at the >>>>>>> class you mentioned but would adding the PodTemplate class as a >>>>>>> property >>>>>>> there fix my issue? And I'm not sure why you mention volumes, volumes >>>>>>> would >>>>>>> then be supported from the PodTemplate if I understand this correctly? >>>>>>> >>>>>>> >>>>>>> On Thursday, August 10, 2017 at 10:27:14 AM UTC+2, Carlos Sanchez >>>>>>> wrote: >>>>>>>> >>>>>>>> It is not yet possible. Volumes would need to be added to the class >>>>>>>> https://github.com/jenkinsci/kubernetes-plugin/blob/master/src/main/java/org/csanchez/jenkins/plugins/kubernetes/pipeline/KubernetesDeclarativeAgent.java >>>>>>>> >>>>>>>> On Thu, Aug 10, 2017 at 9:22 AM, Vincent Heet <vince...@gmail.com> >>>>>>>> wrote: >>>>>>>> >>>>>>>>> Hi, >>>>>>>>> >>>>>>>>> I configured a declarative pipeline with the kubernetes-plugin to >>>>>>>>> start a jenkins job's in a k8s cluster. This is working great but now >>>>>>>>> I >>>>>>>>> want to use volumes for secrets and need to specify a podTemplate. >>>>>>>>> I'm not >>>>>>>>> sure how to configure a podTemplate for a declarative pipeline. The >>>>>>>>> pipeline that is working: >>>>>>>>> >>>>>>>>> >>>>>>>>> pipeline { >>>>>>>>> agent { >>>>>>>>> kubernetes { >>>>>>>>> label 'jenkins-demo' >>>>>>>>> containerTemplate { >>>>>>>>> name 'dind-jdk8-maven3' >>>>>>>>> image 'eu.gcr.io/jenkins-demo/dind-jdk8-maven3:v4' >>>>>>>>> ttyEnabled true >>>>>>>>> command 'cat' >>>>>>>>> } >>>>>>>>> } >>>>>>>>> } >>>>>>>>> stages { >>>>>>>>> } >>>>>>>>> } >>>>>>>>> >>>>>>>>> >>>>>>>>> The above I would like to extend with a podTemplate containing >>>>>>>>> volumes and a secretVolume. The issue is that I don't know the >>>>>>>>> correct >>>>>>>>> syntax for specifying a podTemplate in the declarative pipeline. So I >>>>>>>>> came >>>>>>>>> up with this: >>>>>>>>> >>>>>>>>> >>>>>>>>> pipeline { >>>>>>>>> agent { >>>>>>>>> kubernetes { >>>>>>>>> label 'jenkins-demo' >>>>>>>>> podTemplate { >>>>>>>>> volumes { >>>>>>>>> secretVolume(secretName: 'some-secret', >>>>>>>>> mountPath: '/some-secret') >>>>>>>>> } >>>>>>>>> containerTemplate { >>>>>>>>> name 'dind-jdk8-maven3' >>>>>>>>> image ' >>>>>>>>> eu.gcr.io/jenkins-demo/dind-jdk8-maven3:v4' >>>>>>>>> ttyEnabled true >>>>>>>>> command 'cat' >>>>>>>>> } >>>>>>>>> } >>>>>>>>> } >>>>>>>>> } >>>>>>>>> stages { >>>>>>>>> } >>>>>>>>> } >>>>>>>>> >>>>>>>>> >>>>>>>>> Ofcourse this doesn't work an throws an error. Can anyone help me >>>>>>>>> out with specifying a podTemplate so I can use k8s secrets? >>>>>>>>> >>>>>>>>> Thanks, >>>>>>>>> Vincent >>>>>>>>> >>>>>>>>> -- >>>>>>>>> You received this message because you are subscribed to the Google >>>>>>>>> Groups "Jenkins Users" group. >>>>>>>>> To unsubscribe from this group and stop receiving emails from it, >>>>>>>>> send an email to jenkinsci-use...@googlegroups.com. >>>>>>>>> To view this discussion on the web visit >>>>>>>>> https://groups.google.com/d/msgid/jenkinsci-users/a69efdfc-7c1c-4e4f-a909-0b43ad95868b%40googlegroups.com >>>>>>>>> >>>>>>>>> <https://groups.google.com/d/msgid/jenkinsci-users/a69efdfc-7c1c-4e4f-a909-0b43ad95868b%40googlegroups.com?utm_medium=email&utm_source=footer> >>>>>>>>> . >>>>>>>>> For more options, visit https://groups.google.com/d/optout. >>>>>>>>> >>>>>>>> >>>>>>>> -- >>>> You received this message because you are subscribed to the Google >>>> Groups "Jenkins Users" group. >>>> To unsubscribe from this group and stop receiving emails from it, send >>>> an email to jenkinsci-use...@googlegroups.com. >>>> To view this discussion on the web visit >>>> https://groups.google.com/d/msgid/jenkinsci-users/2be2f487-e5db-4770-a2e1-e2ed402e1f1b%40googlegroups.com >>>> >>>> <https://groups.google.com/d/msgid/jenkinsci-users/2be2f487-e5db-4770-a2e1-e2ed402e1f1b%40googlegroups.com?utm_medium=email&utm_source=footer> >>>> . >>>> >>>> For more options, visit https://groups.google.com/d/optout. >>>> >>> >>> -- >> You received this message because you are subscribed to a topic in the >> Google Groups "Jenkins Users" group. >> To unsubscribe from this topic, visit >> https://groups.google.com/d/topic/jenkinsci-users/DEwTX-C5ct4/unsubscribe >> . >> To unsubscribe from this group and all its topics, send an email to >> jenkinsci-use...@googlegroups.com <javascript:>. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/jenkinsci-users/f6324704-c29a-4d1c-8bd7-6a07a7b38b38%40googlegroups.com >> >> <https://groups.google.com/d/msgid/jenkinsci-users/f6324704-c29a-4d1c-8bd7-6a07a7b38b38%40googlegroups.com?utm_medium=email&utm_source=footer> >> . >> >> For more options, visit https://groups.google.com/d/optout. >> > > -- You received this message because you are subscribed to the Google Groups "Jenkins Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/f825b7dc-ed98-4b99-b60a-0e6db7f74c71%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
