Getting permission errors running jenkins inside docker using persistent volumes

Abdul Jabbar Azam

unread,

Apr 3, 2016, 9:18:19 AM4/3/16

to marathon-framework

Hello,

I am trying to get jenkins running inside docker using marathon to lunch the jenkins docker image.

I used the create application button which produces the following json

{

"type": "DOCKER",

"volumes": [

{

"containerPath": "/var/jenkins_home",

"hostPath": "jenkins_path",

"mode": "RW"

},

{

"containerPath": "jenkins_home",

"mode": "RW",

"persistent": {

"size": 200

}

],

"docker": {

"image": "jenkins",

"network": "HOST",

"privileged": false,

"parameters": [],

"forcePullImage": false

}

stdout shows

--container="mesos-c8bd5b26-6e71-4e18-b490-821dbf7edd9d-S0.ac0b4dbb-10e4-4684-a4df-9539258d77ee" --docker="docker" --docker_socket="/var/run/docker.sock" --help="false" --initialize_driver_logging="true" --launcher_dir="/home/ajazam/mesos-0.28.0/build/src" --logbufsecs="0" --logging_level="INFO" --mapped_directory="/mnt/mesos/sandbox" --quiet="false" --sandbox_directory="/var/lib/mesos/data/slaves/c8bd5b26-6e71-4e18-b490-821dbf7edd9d-S0/frameworks/6079a596-90a8-4fa5-9c92-9215558737d1-0000/executors/jenkins-t7.9be44260-f99c-11e5-b0ac-e4115bb26fcc/runs/ac0b4dbb-10e4-4684-a4df-9539258d77ee" --stop_timeout="0ns"

Registered docker executor on slave4

Starting task jenkins-t7.9be44260-f99c-11e5-b0ac-e4115bb26fcc

Can not write to /var/jenkins_home/copy_reference_file.log. Wrong volume permissions?

stderr shows

I0403 14:04:51.026866 6569 exec.cpp:143] Version: 0.28.0

I0403 14:04:51.032097 6585 exec.cpp:217] Executor registered on slave c8bd5b26-6e71-4e18-b490-821dbf7edd9d-S0

WARNING: Your kernel does not support swap limit capabilities, memory limited without swap.

touch: cannot touch ‘/var/jenkins_home/copy_reference_file.log’: Permission denied

I am using

marathon 1.0.0 RC1

mesos 0.28.0

docker 1.10.3

OS is ubuntu 14.04.4 LTS

Does anybody have any pointers to where I'm going wrong? My feeling is that the problem is todo with the persistent volume and the mapping of it into the jenkins container.

Gastón Kleiman

unread,

Apr 4, 2016, 11:35:23 AM4/4/16

to Abdul Jabbar Azam, marathon-framework

Please try wit the following volumes definition and let me know if it doesn't work:

"volumes": [

{

"hostPath": "jenkins_home",

"containerPath": "/var/jenkins_home",

"mode": "RW"

},

{

"containerPath": "jenkins_home",

"persistent": {

"size": 200

},

"mode": "RW"

}

]

-Gastón

--
You received this message because you are subscribed to the Google Groups "marathon-framework" group.
To unsubscribe from this group and stop receiving emails from it, send an email to marathon-framew...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Abdul Jabbar Azam

unread,

Apr 4, 2016, 4:50:10 PM4/4/16

to marathon-framework, aja...@gmail.com

Hello Gastón,

I now used the following to create application

{

"id": "jenkins-t9",

"cmd": null,

"cpus": 1,

"mem": 512,

"disk": 1000,

"instances": 1,

"ports": [

0

],

"container": {

"docker": {

"image": "jenkins",

"network": "HOST"

},

"type": "DOCKER",

"volumes": [

{

"hostPath": "jenkins_home",

"containerPath": "/var/jenkins_home",

"mode": "RW"

},

{

"containerPath": "jenkins_home",

"persistent": {

"size": 200

},

"mode": "RW"

}

]

},

"portDefinitions": [

{

"port": 8080,

"protocol": "tcp",

"name": null

},

{

"port": 50000,

"protocol": "tcp",

"name": null

}

],

"env": {},

"labels": {},

"healthChecks": []

}

stderror

I0404 21:45:06.691978 31968 exec.cpp:143] Version: 0.28.0

I0404 21:45:06.714151 31988 exec.cpp:217] Executor registered on slave 643bf22e-3a60-4605-988f-f2d21501c930-S3

WARNING: Your kernel does not support swap limit capabilities, memory limited without swap.

touch: cannot touch ‘/var/jenkins_home/copy_reference_file.log’: Permission denied

ied

stdout

--container="mesos-643bf22e-3a60-4605-988f-f2d21501c930-S3.828a3ddc-7894-4c0b-87e5-ff9224db227e" --docker="docker" --docker_socket="/var/run/docker.sock" --help="false" --initialize_driver_logging="true" --launcher_dir="/home/ajazam/mesos-0.28.0/build/src" --logbufsecs="0" --logging_level="INFO" --mapped_directory="/mnt/mesos/sandbox" --quiet="false" --sandbox_directory="/var/lib/mesos/data/slaves/643bf22e-3a60-4605-988f-f2d21501c930-S3/frameworks/6079a596-90a8-4fa5-9c92-9215558737d1-0000/executors/jenkins-t9.1c8fd008-faa6-11e5-b0ac-e4115bb26fcc/runs/828a3ddc-7894-4c0b-87e5-ff9224db227e" --stop_timeout="0ns"

Registered docker executor on slave1

Starting task jenkins-t9.1c8fd008-faa6-11e5-b0ac-e4115bb26fcc

Abdul Jabbar Azam

unread,

Apr 5, 2016, 3:55:54 PM4/5/16

to marathon-framework, aja...@gmail.com

I think the issue is this https://github.com/jenkinsci/docker/issues/177

Abdul Jabbar Azam

unread,

Apr 5, 2016, 7:25:17 PM4/5/16

to marathon-framework, aja...@gmail.com

I now have a working jenkins server using persistent volumes in Marathon and Mesos :)

I've posted the answer to stackoverflow http://stackoverflow.com/questions/36403082/permission-errors-running-jenkins-inside-docker-using-persistent-volumes-with-ma/36438789#36438789

Pravin Mishra

unread,

Apr 7, 2016, 1:37:37 AM4/7/16

to Abdul Jabbar Azam, marathon-framework

Hi Abdul,

Could you please help with latest JSON you used?

--
You received this message because you are subscribed to the Google Groups "marathon-framework" group.
To unsubscribe from this group and stop receiving emails from it, send an email to marathon-framew...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--

Best Regards,

Pravin Mishra

Abdul Jabbar Azam

unread,

Apr 7, 2016, 4:17:14 AM4/7/16

to marathon-framework, aja...@gmail.com

Hello Pravin,

You need to bear with me as I've torn down my cluster. I'm refactoring my ansible installation script, before I release it as open source, and currently it doesn't work. Let me fix that and then I'll generate the JSON.

To get Jenkins to work I didn't create JSON by hand but I used the Create Application button to describe the application and modified the Jenkins Dockerfile.

For more options, visit https://groups.google.com/d/optout.

Pravin Mishra

unread,

Apr 7, 2016, 7:09:30 AM4/7/16

to Abdul Jabbar Azam, marathon-framework

Hi Abdul,

I have tried the solution you provided but it's not working for me. I am using

Mesos: 0.28

Marathon: 1.0.0-RC1

Docker: 1.10.3

I have tried with below json:

{
"id": "jks",

    "cmd": null,
    "cpus": 1,
    "mem": 512,
    "disk": 1000,
    "instances": 1,

    "container": {
        "docker": {
            "image": "jenkins",
            "network": "HOST"
        },
        "type": "DOCKER",
        "volumes": [{

"hostPath": "/var/jenkins_home",

"containerPath": "jenkins_home",
"mode": "RW"

}, {

            "containerPath": "jenkins_home",
            "persistent": {
                "size": 200
            },
            "mode": "RW"
        }]
    },
    "portDefinitions": [{
        "port": 8080,
        "protocol": "tcp",
        "name": null
    }, {
        "port": 50000,
        "protocol": "tcp",
        "name": null
    }],
    "env": {},
    "labels": {},
    "healthChecks": []
}

To unsubscribe from this group and stop receiving emails from it, send an email to marathon-framew...@googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

Abdul Jabbar Azam

unread,

Apr 7, 2016, 8:59:24 AM4/7/16

to marathon-framework, aja...@gmail.com

Hello Pravin,

That is the Json which is shown in the create application dialog box in marathon. I have not tried passing that json via curl to create an application.

I also found that authentication has to be enabled. I did not have to make any changes to the authorisation settings.

I'll try the Json via curl when once I fix my mesos installation script.

To unsubscribe from this group and stop receiving emails from it, send an email to marathon-framework+unsub...@googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

Abdul Jabbar Azam

unread,

Apr 7, 2016, 7:52:17 PM4/7/16

to marathon-framework, aja...@gmail.com

Hello Pravin,

I have a working cluster now.

I save the contests of the following json into a file called sample-app.json

I ran

curl -X POST http://172.16.2.60:8080/v2/apps -d @sample-app.json -H "Content-type: application/json"

and the application deployed. Of course I have a modified docker image of jenkins and deploys without permission errors

I don't really understand the Json, but it works. I opened the developer tools in chrome and saw the json the browser sent to marathon.

{

"id": "/jenkins23",

"cmd": null,

"args": null,

"user": null,

"env": {},

"instances": 1,

"cpus": 1,

"mem": 512,

"disk": 1000,

"executor": "",

"constraints": [],

"uris": [],

"fetch": [],

"storeUrls": [],

"ports": [

8080,

50000

],

"portDefinitions": [

{

"port": 8080,

"protocol": "tcp",

"labels": {}

},

{

"port": 50000,

"protocol": "tcp",

"labels": {}

}

],

"requirePorts": false,

"backoffSeconds": 1,

"backoffFactor": 1.15,

"maxLaunchDelaySeconds": 3600,

"container": {

"type": "DOCKER",

"volumes": [

{

"containerPath": "/var/jenkins_home",

"hostPath": "jenkins_home",

"mode": "RW"

},

{

"containerPath": "jenkins_home",

"mode": "RW",

"persistent": {

"size": 200

}

],

"docker": {

"image": "jenkins",

"network": "HOST",

"privileged": false,

"parameters": [],

"forcePullImage": false

}

},

"healthChecks": [],

"dependencies": [],

"upgradeStrategy": {

"minimumHealthCapacity": 0.5,

"maximumOverCapacity": 0

},

"labels": {},

"acceptedResourceRoles": null,

"ipAddress": null,

"version": "2016-04-07T23:50:17.508Z",

"residency": {

"relaunchEscalationTimeoutSeconds": 10,

"taskLostBehavior": "WAIT_FOREVER"

},

"tasksStaged": 0,

"tasksRunning": 0,

"tasksHealthy": 0,

"tasksUnhealthy": 0,

"deployments": [

{

"id": "ed4294a1-aa5d-49a0-8dcf-31a933687112"

}

],

"tasks": []

Reply all

Reply to author

Forward