[JIRA] (JENKINS-58766) kubernetes-plugin access denied after update to 1.18.0

seckler@in.tum.de (JIRA)

unread,

Aug 1, 2019, 10:47:02 AM8/1/19

to jenkinsc...@googlegroups.com

Steffen Seckler created an issue

Jenkins /

JENKINS-58766

kubernetes-plugin access denied after update to 1.18.0

Issue Type:	Bug
Assignee:	Carlos Sanchez
Components:	kubernetes-plugin
Created:	2019-08-01 14:46
Environment:	Jenkins 2.187, kubernetes-plugin 1.18.0
Priority:	Minor
Reporter:	Steffen Seckler

After updating to kubernetes-plugin 1.18.0 I got an error when using the old /home/jenkins directory inside of a pod template definition. Using /home/jenkins/agent in the pod templates worked, however. The error was:
```
Also: hudson.remoting.Channel$CallSiteStackTrace: Remote call to JNLP4-connect connection from ............(hidden).............
at hudson.remoting.Channel.attachCallSiteStackTrace(Channel.java:1743)
at hudson.remoting.UserRequest$ExceptionResponse.retrieve(UserRequest.java:357)
at hudson.remoting.Channel.call(Channel.java:957)
at hudson.FilePath.act(FilePath.java:1072)
at hudson.FilePath.act(FilePath.java:1061)
at hudson.FilePath.mkdirs(FilePath.java:1246)
at hudson.plugins.git.GitSCM.createClient(GitSCM.java:821)
at hudson.plugins.git.GitSCM.checkout(GitSCM.java:1169)
at org.jenkinsci.plugins.workflow.steps.scm.SCMStep.checkout(SCMStep.java:124)
at org.jenkinsci.plugins.workflow.steps.scm.SCMStep$StepExecutionImpl.run(SCMStep.java:93)
at org.jenkinsci.plugins.workflow.steps.scm.SCMStep$StepExecutionImpl.run(SCMStep.java:80)
at org.jenkinsci.plugins.workflow.steps.SynchronousNonBlockingStepExecution.lambda$start$0(SynchronousNonBlockingStepExecution.java:47)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
java.nio.file.AccessDeniedException: /home/jenkins/workspace
at sun.nio.fs.UnixException.translateToIOException(UnixException.java:84)
at sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:102)
at sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:107)
at sun.nio.fs.UnixFileSystemProvider.createDirectory(UnixFileSystemProvider.java:384)
at java.nio.file.Files.createDirectory(Files.java:674)
at java.nio.file.Files.createAndCheckIsDirectory(Files.java:781)
at java.nio.file.Files.createDirectories(Files.java:767)
at hudson.FilePath.mkdirs(FilePath.java:3239)
at hudson.FilePath.access$1300(FilePath.java:212)
at hudson.FilePath$Mkdirs.invoke(FilePath.java:1254)
at hudson.FilePath$Mkdirs.invoke(FilePath.java:1250)
at hudson.FilePath$FileCallableWrapper.call(FilePath.java:3052)
at hudson.remoting.UserRequest.perform(UserRequest.java:212)
at hudson.remoting.UserRequest.perform(UserRequest.java:54)
at hudson.remoting.Request$2.run(Request.java:369)
at hudson.remoting.InterceptingExecutorService$1.call(InterceptingExecutorService.java:72)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at hudson.remoting.Engine$1.lambda$newThread$0(Engine.java:93)
at java.lang.Thread.run(Thread.java:748)
Finished: FAILURE
```

This might have sth. to do with using the default jnlp container that most likely now uses the new directory `/home/jenkins/agent` ) and custom additional containers still using the old home directory `/home/jenkins`.

*Steps to reproduce*
1. create pod template with default jnlp container by not specifying said jnlp container
2. add an additional container using /home/jenkins as home directory

Add Comment

This message was sent by Atlassian Jira (v7.11.2#711002-sha1:fdc329d)

seckler@in.tum.de (JIRA)

unread,

Aug 1, 2019, 10:50:04 AM8/1/19

to jenkinsc...@googlegroups.com

Steffen Seckler updated an issue

Jenkins /

JENKINS-58766

kubernetes-plugin access denied after update to 1.18.0

Change By:	Steffen Seckler

**Steps to reproduce**

1. create pod template with default jnlp container by not specifying said jnlp container
2. add an additional container using /home/jenkins as home directory

** Workaround**
Use the new default directory /home/jenkins/agent in all containers

** Related Issues/PR**
https://issues.jenkins-ci.org/browse/JENKINS-58705
https://github.com/jenkinsci/kubernetes-plugin/pull/559

Add Comment

vincent@latombe.net (JIRA)

unread,

Aug 1, 2019, 12:47:03 PM8/1/19

to jenkinsc...@googlegroups.com

Vincent Latombe updated an issue

Jenkins /

JENKINS-58766

kubernetes-plugin access denied after update to 1.18.0

Change By:	Vincent Latombe

After updating to kubernetes-plugin 1.18.0 I got an error when using the old /home/jenkins directory inside of a pod template definition. Using /home/jenkins/agent in the pod templates worked, however. The error was:
```

{code}

``` {code}

This might have sth. to do with using the default jnlp container that most likely now uses the new directory `/home/jenkins/agent` ) and custom additional containers still using the old home directory `/home/jenkins`.

**Steps to reproduce**
1. create pod template with default jnlp container by not specifying said jnlp container
2. add an additional container using /home/jenkins as home directory

**Workaround**
Use the new default directory /home/jenkins/agent in all containers

Add Comment

vincent@latombe.net (JIRA)

unread,

Aug 1, 2019, 12:50:02 PM8/1/19

to jenkinsc...@googlegroups.com

Vincent Latombe commented on

JENKINS-58766

Re: kubernetes-plugin access denied after update to 1.18.0

Steffen Seckler Could you be more explicit by providing an example of pod template definition (either config.xml or snippet of Jenkinsfile) ?

Add Comment

seckler@in.tum.de (JIRA)

unread,

Aug 2, 2019, 3:48:03 AM8/2/19

to jenkinsc...@googlegroups.com

Steffen Seckler commented on

JENKINS-58766

Re: kubernetes-plugin access denied after update to 1.18.0

I have reduced the config a bit to only show one pod template and only two containers.
URLs have been replaced. (marked with <!-~~replaced url~~->)
It contains the already fixed directory marked with

 
                                                                <clouds>
    <org.csanchez.jenkins.plugins.kubernetes.KubernetesCloud plugin="kuber...@1.18.0">
      <name>kubernetes on openshift pproc</name>
      <defaultsProviderTemplate></defaultsProviderTemplate>
      <templates>
        <org.csanchez.jenkins.plugins.kubernetes.PodTemplate>
          <inheritFrom></inheritFrom>
          <name>default-jenkins-openshift-slave</name>
          <namespace>ls1autopasjenkins</namespace>
          <privileged>false</privileged>
          <capOnlyOnAlivePods>false</capOnlyOnAlivePods>
          <alwaysPullImage>false</alwaysPullImage>
          <instanceCap>3</instanceCap>
          <slaveConnectTimeout>3600</slaveConnectTimeout>
          <idleMinutes>0</idleMinutes>
          <activeDeadlineSeconds>0</activeDeadlineSeconds>
          <label>openshift-autoscale</label>
          <nodeSelector></nodeSelector>
          <nodeUsageMode>EXCLUSIVE</nodeUsageMode>
          <customWorkspaceVolumeEnabled>false</customWorkspaceVolumeEnabled>
          <workspaceVolume class="org.csanchez.jenkins.plugins.kubernetes.volumes.workspace.EmptyDirWorkspaceVolume">
            <memory>false</memory>
          </workspaceVolume>
          <volumes/>
          <containers>
            <org.csanchez.jenkins.plugins.kubernetes.ContainerTemplate>
              <name>ls1-docker</name>
              <image>docker-registry.default.svc:5000/ls1autopasjenkins/ls1-mardyn-image</image>
              <privileged>false</privileged>
              <alwaysPullImage>true</alwaysPullImage>
              <workingDir>/home/jenkins/agent</workingDir><!-- this is the problematic line -->
              <command>/bin/sh -c</command>
              <args>cat</args>
              <ttyEnabled>true</ttyEnabled>
              <resourceRequestCpu>20</resourceRequestCpu>
              <resourceRequestMemory></resourceRequestMemory>
              <resourceLimitCpu>20</resourceLimitCpu>
              <resourceLimitMemory></resourceLimitMemory>
              <envVars/>
              <ports/>
              <livenessProbe>
                <execArgs></execArgs>
                <timeoutSeconds>0</timeoutSeconds>
                <initialDelaySeconds>0</initialDelaySeconds>
                <failureThreshold>0</failureThreshold>
                <periodSeconds>0</periodSeconds>
                <successThreshold>0</successThreshold>
              </livenessProbe>
            </org.csanchez.jenkins.plugins.kubernetes.ContainerTemplate>
            <org.csanchez.jenkins.plugins.kubernetes.ContainerTemplate>
              <name>autopas-gcc7-cmake-make</name>
              <image>autopas/autopas-build-gcc</image>
              <privileged>false</privileged>
              <alwaysPullImage>true</alwaysPullImage>
              <workingDir>/home/jenkins/agent</workingDir><!-- this is the problematic line -->
              <command>/bin/sh -c</command>
              <args>cat</args>
              <ttyEnabled>true</ttyEnabled>
              <resourceRequestCpu>0</resourceRequestCpu>
              <resourceRequestMemory></resourceRequestMemory>
              <resourceLimitCpu>5</resourceLimitCpu>
              <resourceLimitMemory></resourceLimitMemory>
              <envVars/>
              <ports/>
              <livenessProbe>
                <execArgs></execArgs>
                <timeoutSeconds>0</timeoutSeconds>
                <initialDelaySeconds>0</initialDelaySeconds>
                <failureThreshold>0</failureThreshold>
                <periodSeconds>0</periodSeconds>
                <successThreshold>0</successThreshold>
              </livenessProbe>
            </org.csanchez.jenkins.plugins.kubernetes.ContainerTemplate>
          </containers>
          <envVars/>
          <annotations/>
          <imagePullSecrets/>
          <nodeProperties/>
          <yamls class="empty-list"/>
          <yamlMergeStrategy class="org.csanchez.jenkins.plugins.kubernetes.pod.yaml.Overrides"/>
          <showRawYaml>true</showRawYaml>
          <podRetention class="org.csanchez.jenkins.plugins.kubernetes.pod.retention.Default"/>
        </org.csanchez.jenkins.plugins.kubernetes.PodTemplate>
      </templates>
      <serverUrl>https://SERVERURL:8443</serverUrl><!--replaced url-->
      <skipTlsVerify>true</skipTlsVerify>
      <addMasterProxyEnvVars>false</addMasterProxyEnvVars>
      <capOnlyOnAlivePods>false</capOnlyOnAlivePods>
      <namespace>ls1autopasjenkins</namespace>
      <jenkinsUrl>http://JENKINSURL</jenkinsUrl><!--replaced url-->
      <credentialsId>SECRET</credentialsId><!-- replaced secret name -->
      <containerCap>5</containerCap>
      <retentionTimeout>180</retentionTimeout>
      <connectTimeout>0</connectTimeout>
      <readTimeout>0</readTimeout>
      <podLabels/>
      <usageRestricted>false</usageRestricted>
      <maxRequestsPerHost>60000</maxRequestsPerHost>
      <waitForPodSec>1000</waitForPodSec>
      <podRetention class="org.csanchez.jenkins.plugins.kubernetes.pod.retention.Never"/>
    </org.csanchez.jenkins.plugins.kubernetes.KubernetesCloud>
  </clouds>
 
                                                            