I would prefer to clone the repo and build the container, this way I do not have maintain my own jenkins image
Maybe Jenkins dev can allow options to run the container using user prefer Ids? Thanks -Dan On Thursday, January 5, 2017 at 3:37:54 AM UTC-8, Barry Laffoy wrote: > > If this is of use to anybody else, I was able to workaround this > implementation problem in the jenkinsci/docker with the following: > > FROM jenkins:2.19.4 > > ARG user=jenkins > ARG group=jenkins > ARG olduid=1000 > ARG oldgid=1000 > ARG uid > ARG gid > ENV JENKINS_HOME /var/lib/jenkins > ENV COPY_REFERENCE_FILE_LOG $JENKINS_HOME/copy_reference_file.log > > USER root > RUN usermod -u $uid $user > RUN usermod -d /var/lib/jenkins $user > RUN groupmod -g $gid $group > RUN usermod -g $gid $group > RUN find / -path /proc -prune -o -group $oldgid -print | xargs chgrp -hv > $group > RUN find / -path /proc -prune -o -user $olduid -print | xargs chown -hv > $user > RUN cp -R /var/jenkins_home /var/lib/jenkins > RUN chown -R $user:$group /var/lib/jenkins > VOLUME /var/lib/jenkins > USER $user > > And building with `--build-args uid=$(id -u) --build-args gid=$(id -g)` > > This isn't pretty, and I'm not entirely sure that it's the way I want to > do it. Cloning the entire jenkinsci/docker repo and setting these build > args directly seems like a better option. > > > On Wednesday, 4 January 2017 17:05:56 UTC, Barry Laffoy wrote: >> >> Dirk Heinrichs' comments have made me realise that this problem goes both >> ways. Since my host has a user with uid 1000, the data volume on the host >> at, say, >> /var/lib/docker/volumes/6a70b50dc1c6d201bd772e8d4bf8cb17d9668fbed0661e27b5fcf7d6b7847070/_data >> >> is actually owned by that host user. >> >> What I need to be doing is building the jenkinsci/docker image with >> "--build-arg uid=$(id -u) --build-arg gid=$(id -g)" to match the container >> to the host user. >> >> On Wednesday, 4 January 2017 08:51:41 UTC, Barry Laffoy wrote: >>> >>> Aha, I understand what you're saying now. There is such a user on both >>> the development and the production hosts I'm using, unfortunately. I'll >>> investigate what can be done to change that. >>> >>> On Wednesday, 4 January 2017 08:44:45 UTC, Dirk Heinrichs wrote: >>>> >>>> Am 04.01.2017 um 09:35 schrieb Barry Laffoy: >>>> >>>> Thanks for the response, but I think I must be missing a trick because >>>> I don't know what you're getting at. >>>> >>>> If say, the uid of the host user is 1005, and the uid of the >>>> container's jenkins user is 1000, these clearly don't match. I would need >>>> to set the uid of the user in the container to 1005 in order to let it use >>>> the mounted keys, >>>> >>>> >>>> You just need to make sure that the host dir is owned by the correct >>>> uid/gid pair (the one that matches your jenkins user inside the >>>> container). >>>> There's no need to also have that user on the host, too (although you can, >>>> but then their uid/gid should simply match). I'd just make sure there's no >>>> user on the host with the same uid/gid pair. This way, only root on the >>>> host and the jenkins user inside the container will have access to the >>>> keys. >>>> >>>> HTH... >>>> >>>> Dirk >>>> -- >>>> *Dirk Heinrichs* >>>> Senior Systems Engineer, Delivery Pipeline >>>> OpenTextTM Discovery | Recommind >>>> *Email*: dirk.he...@recommind.com >>>> *Website*: www.recommind.de >>>> >>>> Recommind GmbH, Von-Liebig-Straße 1, 53359 Rheinbach >>>> >>>> Vertretungsberechtigte Geschäftsführer John Marshall Doolittle, Gordon >>>> Davies, Roger Illing, Registergericht Amtsgericht Bonn, Registernummer HRB >>>> 10646 >>>> >>>> This e-mail may contain confidential and/or privileged information. If >>>> you are not the intended recipient (or have received this e-mail in error) >>>> please notify the sender immediately and destroy this e-mail. Any >>>> unauthorized copying, disclosure or distribution of the material in this >>>> e-mail is strictly forbidden >>>> >>>> Diese E-Mail enthält vertrauliche und/oder rechtlich geschützte >>>> Informationen. Wenn Sie nicht der richtige Adressat sind oder diese E-Mail >>>> irrtümlich erhalten haben, informieren Sie bitte sofort den Absender und >>>> vernichten Sie diese Mail. Das unerlaubte Kopieren sowie die unbefugte >>>> Weitergabe dieser Mail sind nicht gestattet. >>>> >>>> www.recommind.com >>>> >>> -- You received this message because you are subscribed to the Google Groups "Jenkins Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/e4c387e8-4d7c-4140-a248-33fdac3cc9af%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
