Re: oc new-app with root privileges
Hi All, Apologies for bringing this back up, but I was busy with my exams and stuff, and now I'm back to solve this issue. I did some research on my problem and the links I received from you guys. Below is my dockerfile which I wrote to get the tgt service running and also the s2i tool working for the image. FROM 172.30.79.210:5000/openshift/centos-with-bmi-setup_v1 MAINTAINER "Akshaya" <khare...@husky.neu.edu> ENV container docker ENV LIGHTTPD_VERSION=1.4.35 # Set labels used in OpenShift to describe the builder images LABEL io.k8s.description="Platform for serving static HTML files" \ io.k8s.display-name="Lighttpd 1.4.35" \ io.openshift.expose-services="8080:http" \ io.openshift.tags="builder,html,lighttpd" #USER root RUN (cd /lib/systemd/system/sysinit.target.wants/; for i in *; do [ $i ==systemd-tmpfiles-setup.service ] || rm -f $i; done); \ rm -rf /lib/systemd/system/multi-user.target.wants/*;\ rm -rf /etc/systemd/system/*.wants/*;\ rm -rf /lib/systemd/system/local-fs.target.wants/*; \ rm -rf /lib/systemd/system/sockets.target.wants/*udev*; \ rm -rf /lib/systemd/system/sockets.target.wants/*initctl*; \ rm -rf /lib/systemd/system/basic.target.wants/*;\ rm -rf /lib/systemd/system/anaconda.target.wants/*;\ yum install -y git ;\ yum install -y lighttpd && \ # clean yum cache files, as they are not needed and will only make the image bigger in the end yum clean all -y; RUN systemctl enable tgtd.service # Defines the location of the S2I # Although this is defined in openshift/base-centos7 image it's repeated here # to make it clear why the following COPY operation is happening LABEL io.openshift.s2i.scripts-url=image:///usr/local/s2i # Copy the S2I scripts from ./.s2i/bin/ to /usr/local/s2i when making the builder image COPY ./.s2i/bin/ /usr/local/s2i # Copy the lighttpd configuration file COPY ./etc/ /opt/app-root/etc # Specify the ports the final image will expose EXPOSE 8080 VOLUME [ "/sys/fs/cgroup" ] #VOLUME ["/sys/fs/cgroup:ro"] CMD ["/usr/sbin/init"] Turns out it was not an issue about the root access. The service works automatically if i use the docker run command with volume group specified as below: docker run -ti *-v /sys/fs/cgroup:/sys/fs/cgroup:ro* -d docker.io/centos Based on the below blog, systemd insists on looking at cgroup file system within a container: https://developers.redhat.com/blog/2014/05/05/running-systemd-within-docker-container/ So on running the image using the cgroup file system, the service works fine. Without it, the service fails to start. Is there a way to mount the volume group in openshift while starting an application using this image? Thanks & Regards, Akshaya On Fri, Dec 2, 2016 at 5:30 PM, Srinivas Naga Kotaru (skotaru) < skot...@cisco.com> wrote: > Sorry, forgot to put blog link > > > > http://developers.redhat.com/blog/2016/10/21/understanding- > openshift-security-context-constraints/ > > > > -- > > *Srinivas Kotaru* > > > > *From: *Srinivas Naga Kotaru <skot...@cisco.com> > *Date: *Friday, December 2, 2016 at 2:27 PM > *To: *Akshaya Khare <khare...@husky.neu.edu>, Ben Parees < > bpar...@redhat.com> > *Cc: *users <users@lists.openshift.redhat.com>, Jordan Liggitt < > jligg...@redhat.com> > > *Subject: *Re: oc new-app with root privileges > > > > This is the blog post am using to refer steps mentioned here. I didn’t > tested yet but this article talking about how to run an container using > anyuid SCC privileges > > > > -- > > *Srinivas Kotaru* > > > > *From: *Akshaya Khare <khare...@husky.neu.edu> > *Date: *Friday, December 2, 2016 at 1:59 PM > *To: *Ben Parees <bpar...@redhat.com> > *Cc: *users <users@lists.openshift.redhat.com>, Srinivas Naga Kotaru < > skot...@cisco.com>, Jordan Liggitt <jligg...@redhat.com> > *Subject: *Re: oc new-app with root privileges > > > > Thanks Ben, > > > > I'll check this reference. > > our developers in the team will need to start a service once the container > is up. > > But the systemd is only accessible for my image if it is run as root. > > > > Maybe I can try adding this startup script into the docker file as well. > > I'll check both and let you know... > > > > Regards, > > AK > > > > On Fri, Dec 2, 2016 at 4:47 PM, Ben Parees <bpar...@redhat.com> wrote: > > > > > > On Fri, Dec 2, 2016 at 4:35 PM, Akshaya Khare <khare...@husky.neu.edu> > wrote: > > Hi again, > > > > I tried using the suggestions you guys gave but some how its still > failing. > > On further analysis I understood that this is not actually the image which > I created. > &
Re: oc new-app with root privileges
Thanks Ben, I'll check this reference. our developers in the team will need to start a service once the container is up. But the systemd is only accessible for my image if it is run as root. Maybe I can try adding this startup script into the docker file as well. I'll check both and let you know... Regards, AK On Fri, Dec 2, 2016 at 4:47 PM, Ben Parees <bpar...@redhat.com> wrote: > > > On Fri, Dec 2, 2016 at 4:35 PM, Akshaya Khare <khare...@husky.neu.edu> > wrote: > >> Hi again, >> >> I tried using the suggestions you guys gave but some how its still >> failing. >> On further analysis I understood that this is not actually the image >> which I created. >> >> Since I'm using source2image, the github source is being mapped on to my >> image which has root privileges. >> Now my image creates a build and then a new pod is spawned up using that >> build. >> >> Is there some other configuration within these steps which allows me to >> run the pod as a root user? >> Or these steps have nothing to do with the user issue i'm facing? >> > > you can control the user the pod runs as by setting the pod's security > context: > http://kubernetes.io/docs/api-reference/v1/definitions/#_v1_ > podsecuritycontext > > but it would be better to try to understand why your image needs to run as > root and change file/etc permissions so that it does not require that. > > > > >> >> Thanks, >> AK >> >> On Thu, Dec 1, 2016 at 6:31 PM, Srinivas Naga Kotaru (skotaru) < >> skot...@cisco.com> wrote: >> >>> I was thinking belwo are right steps as per my knowledge >>> >>> >>> >>> 1. Create a service account >>> >>> 2. Grant anyuid SCC to this service account >>> >>> 3. And add sercice account details to dc object >>> >>> >>> >>> >>> >>> I might be wrong but above steps in my mind. Even I would like to get >>> clarity on this topic what is the right approach to run a container using >>> anyuid priviligies >>> >>> >>> >>> >>> >>> -- >>> >>> *Srinivas Kotaru* >>> >>> >>> >>> *From: *<users-boun...@lists.openshift.redhat.com> on behalf of Ben >>> Parees <bpar...@redhat.com> >>> *Date: *Thursday, December 1, 2016 at 1:37 PM >>> *To: *Akshaya Khare <khare...@husky.neu.edu>, Jordan Liggitt < >>> jligg...@redhat.com> >>> *Cc: *users <users@lists.openshift.redhat.com> >>> *Subject: *Re: oc new-app with root privileges >>> >>> >>> >>> >>> >>> >>> >>> On Thu, Dec 1, 2016 at 4:18 PM, Akshaya Khare <khare...@husky.neu.edu> >>> wrote: >>> >>> Hi, >>> >>> >>> >>> I created my own image which can use s2i to use git urls for my internal >>> projects. >>> >>> >>> >>> The image has been created such that the systemd services will be >>> working, and in order to do that the image had to be created with root user. >>> >>> >>> >>> Now the container spawned from this image only works properly i spawn it >>> with the below command: >>> >>> >>> >>> *docker run -ti -v /sys/fs/cgroup:/sys/fs/cgroup:ro -d my-image-name* >>> >>> >>> >>> The container works fine. >>> >>> >>> >>> Unfortunately, whenever I try to create the container from the openshift >>> ui, it creates the pod successfully but it doesn't have access to run it >>> since it doesn't run it as a root user. >>> >>> >>> >>> I tried to provide this command: >>> >>> >>> >>> *oadm policy add-scc-to-user anyuid -z project-name* >>> >>> >>> >>> But still the pod is created without the root user. >>> >>> >>> >>> Is there any way to run the pod with root user via both cli or ui? >>> >>> >>> >>> assuming your built image defaults to running as root, the adding >>> anyuid scc should be all you need to do for the image to run as that user, >>> as far as i know. >>> >>> >>> >>> >>> >>> >>> >>> >>> -- >>> >>> *Thanks & Regards,* >>> >>> *Akshaya Khare* >>> >>> *312-785-3508 <312-785-3508>* >>> >>> >>> ___ >>> users mailing list >>> users@lists.openshift.redhat.com >>> http://lists.openshift.redhat.com/openshiftmm/listinfo/users >>> >>> >>> >>> >>> -- >>> >>> Ben Parees | OpenShift >>> >> >> >> >> -- >> *Thanks & Regards,* >> *Akshaya Khare* >> *312-785-3508 <312-785-3508>* >> > > > > -- > Ben Parees | OpenShift > > -- *Thanks & Regards,* *Akshaya Khare* *312-785-3508* ___ users mailing list users@lists.openshift.redhat.com http://lists.openshift.redhat.com/openshiftmm/listinfo/users
Re: oc new-app with root privileges
Hi again, I tried using the suggestions you guys gave but some how its still failing. On further analysis I understood that this is not actually the image which I created. Since I'm using source2image, the github source is being mapped on to my image which has root privileges. Now my image creates a build and then a new pod is spawned up using that build. Is there some other configuration within these steps which allows me to run the pod as a root user? Or these steps have nothing to do with the user issue i'm facing? Thanks, AK On Thu, Dec 1, 2016 at 6:31 PM, Srinivas Naga Kotaru (skotaru) < skot...@cisco.com> wrote: > I was thinking belwo are right steps as per my knowledge > > > > 1. Create a service account > > 2. Grant anyuid SCC to this service account > > 3. And add sercice account details to dc object > > > > > > I might be wrong but above steps in my mind. Even I would like to get > clarity on this topic what is the right approach to run a container using > anyuid priviligies > > > > > > -- > > *Srinivas Kotaru* > > > > *From: *<users-boun...@lists.openshift.redhat.com> on behalf of Ben > Parees <bpar...@redhat.com> > *Date: *Thursday, December 1, 2016 at 1:37 PM > *To: *Akshaya Khare <khare...@husky.neu.edu>, Jordan Liggitt < > jligg...@redhat.com> > *Cc: *users <users@lists.openshift.redhat.com> > *Subject: *Re: oc new-app with root privileges > > > > > > > > On Thu, Dec 1, 2016 at 4:18 PM, Akshaya Khare <khare...@husky.neu.edu> > wrote: > > Hi, > > > > I created my own image which can use s2i to use git urls for my internal > projects. > > > > The image has been created such that the systemd services will be working, > and in order to do that the image had to be created with root user. > > > > Now the container spawned from this image only works properly i spawn it > with the below command: > > > > *docker run -ti -v /sys/fs/cgroup:/sys/fs/cgroup:ro -d my-image-name* > > > > The container works fine. > > > > Unfortunately, whenever I try to create the container from the openshift > ui, it creates the pod successfully but it doesn't have access to run it > since it doesn't run it as a root user. > > > > I tried to provide this command: > > > > *oadm policy add-scc-to-user anyuid -z project-name* > > > > But still the pod is created without the root user. > > > > Is there any way to run the pod with root user via both cli or ui? > > > > assuming your built image defaults to running as root, the adding anyuid > scc should be all you need to do for the image to run as that user, as far > as i know. > > > > > > > > > -- > > *Thanks & Regards,* > > *Akshaya Khare* > > *312-785-3508 <312-785-3508>* > > > ___ > users mailing list > users@lists.openshift.redhat.com > http://lists.openshift.redhat.com/openshiftmm/listinfo/users > > > > > -- > > Ben Parees | OpenShift > -- *Thanks & Regards,* *Akshaya Khare* *312-785-3508* ___ users mailing list users@lists.openshift.redhat.com http://lists.openshift.redhat.com/openshiftmm/listinfo/users
Re: Using a Jenkins Slave in openshift
Apparently your suggestion was right, I had to add permissions for the file. I got confused because I was using github as source, and didnt realize we could use git as well. I copied the code to my local git, changed permissions and was able to run the pod successfully. There were some configurations which needed to be done in the Kubernetes plugin in jenkins, after which the slave pod was working smoothly, it looks awesome now :) Thanks for your help!! Regards, Akshaya On Thu, Aug 11, 2016 at 11:53 AM, Ben Parees <bpar...@redhat.com> wrote: > No I mean in the repo. Does the file, as stored in your repo, have execute > permissions. > > But what you suggest would also work. > > Ben Parees | OpenShift > > On Aug 11, 2016 11:47 AM, "Akshaya Khare" <khare...@husky.neu.edu> wrote: > >> By execute permissions in the repo I hope you mean in the Dockerfile... >> >> these are the current commands in my docker file: >> >> >> >> *mkdir -p /var/lib/jenkins && \chown -R 1001:0 /var/lib/jenkins && \chmod >> -R g+w /var/lib/jenkins* >> So if I add 'chmod -R g+x' to the /var/lib/jenkins, it should do the job >> *?* >> >> >> On Thu, Aug 11, 2016 at 11:20 AM, Ben Parees <bpar...@redhat.com> wrote: >> >>> >>> >>> On Thu, Aug 11, 2016 at 11:18 AM, Akshaya Khare <khare...@husky.neu.edu> >>> wrote: >>> >>>> I'm adding the run-jnlp-client >>>> <https://github.com/akshayakhare/ims/blob/master/slave/configuration/run-jnlp-client> >>>> file into my github repository under configuration folder. >>>> >>> >>> does it have execute permissions in your repo? >>> >>> >>> >>>> Then I'm using my github link to use in my jenkins-slave-builder url, >>>> and then openshift builds an image for me... >>>> >>>> On Thu, Aug 11, 2016 at 11:15 AM, Ben Parees <bpar...@redhat.com> >>>> wrote: >>>> >>>>> >>>>> >>>>> On Thu, Aug 11, 2016 at 11:10 AM, Akshaya Khare < >>>>> khare...@husky.neu.edu> wrote: >>>>> >>>>>> Hi, >>>>>> >>>>>> Thanks for the detailed explanation, and I did get far but got stuck >>>>>> again. >>>>>> So I was able to build a slave Jenkins image and created a >>>>>> buildconfig. >>>>>> After updating the Kubernetes plugin configurations, I was able to >>>>>> spawn a new pod, but the pod fails with the error "ContainerCannotRun". >>>>>> On seeing the logs of the pod, it shows: >>>>>> >>>>>> *exec: "/var/lib/jenkins/run-jnlp-client": permission denied* >>>>>> >>>>> >>>>> sounds like /var/lib/jenkins/run-jnlp-client doesn't have the >>>>> right read/execute permissions set. How are you building the slave image? >>>>> >>>>> >>>>> >>>>> >>>>>> >>>>>> I tried giving admin privileges to my user, and also edit privileges >>>>>> to the serviceaccount in my project: >>>>>> >>>>>> >>>>>> *oc policy add-role-to-group edit system:serviceaccounts -n >>>>>> jenkinstin2* >>>>>> How can I make sure that the pod runs without any permissions issues? >>>>>> >>>>>> On Mon, Aug 8, 2016 at 3:55 PM, Ben Parees <bpar...@redhat.com> >>>>>> wrote: >>>>>> >>>>>>> The sample defines a buildconfig which ultimately uses this >>>>>>> directory as the context for a docker build: >>>>>>> https://github.com/siamaksade/jenkins-s2i-example/tree/master/slave >>>>>>> >>>>>>> it does that by pointing the buildconfig to this repo: >>>>>>> https://github.com/siamaksade/jenkins-s2i-example >>>>>>> >>>>>>> and the context directory named "slave" within that repo: >>>>>>> https://github.com/siamaksade/jenkins-s2i-example/tree/master/slave >>>>>>> >>>>>>> which you can see defined here: >>>>>>> https://github.com/siamaksade/jenkins-s2i-example/blob/maste >>>>>>> r/jenkins-slave-builder-template.yaml#L36-L40 >>>>>>> >>>>>>> https://github.co
Re: Using a Jenkins Slave in openshift
By execute permissions in the repo I hope you mean in the Dockerfile... these are the current commands in my docker file: *mkdir -p /var/lib/jenkins && \chown -R 1001:0 /var/lib/jenkins && \chmod -R g+w /var/lib/jenkins* So if I add 'chmod -R g+x' to the /var/lib/jenkins, it should do the job *?* On Thu, Aug 11, 2016 at 11:20 AM, Ben Parees <bpar...@redhat.com> wrote: > > > On Thu, Aug 11, 2016 at 11:18 AM, Akshaya Khare <khare...@husky.neu.edu> > wrote: > >> I'm adding the run-jnlp-client >> <https://github.com/akshayakhare/ims/blob/master/slave/configuration/run-jnlp-client> >> file into my github repository under configuration folder. >> > > does it have execute permissions in your repo? > > > >> Then I'm using my github link to use in my jenkins-slave-builder url, and >> then openshift builds an image for me... >> >> On Thu, Aug 11, 2016 at 11:15 AM, Ben Parees <bpar...@redhat.com> wrote: >> >>> >>> >>> On Thu, Aug 11, 2016 at 11:10 AM, Akshaya Khare <khare...@husky.neu.edu> >>> wrote: >>> >>>> Hi, >>>> >>>> Thanks for the detailed explanation, and I did get far but got stuck >>>> again. >>>> So I was able to build a slave Jenkins image and created a buildconfig. >>>> After updating the Kubernetes plugin configurations, I was able to >>>> spawn a new pod, but the pod fails with the error "ContainerCannotRun". >>>> On seeing the logs of the pod, it shows: >>>> >>>> *exec: "/var/lib/jenkins/run-jnlp-client": permission denied* >>>> >>> >>> sounds like /var/lib/jenkins/run-jnlp-client doesn't have the right >>> read/execute permissions set. How are you building the slave image? >>> >>> >>> >>> >>>> >>>> I tried giving admin privileges to my user, and also edit privileges to >>>> the serviceaccount in my project: >>>> >>>> >>>> *oc policy add-role-to-group edit system:serviceaccounts -n jenkinstin2* >>>> How can I make sure that the pod runs without any permissions issues? >>>> >>>> On Mon, Aug 8, 2016 at 3:55 PM, Ben Parees <bpar...@redhat.com> wrote: >>>> >>>>> The sample defines a buildconfig which ultimately uses this directory >>>>> as the context for a docker build: >>>>> https://github.com/siamaksade/jenkins-s2i-example/tree/master/slave >>>>> >>>>> it does that by pointing the buildconfig to this repo: >>>>> https://github.com/siamaksade/jenkins-s2i-example >>>>> >>>>> and the context directory named "slave" within that repo: >>>>> https://github.com/siamaksade/jenkins-s2i-example/tree/master/slave >>>>> >>>>> which you can see defined here: >>>>> https://github.com/siamaksade/jenkins-s2i-example/blob/maste >>>>> r/jenkins-slave-builder-template.yaml#L36-L40 >>>>> >>>>> https://github.com/siamaksade/jenkins-s2i-example/blob/maste >>>>> r/jenkins-slave-builder-template.yaml#L61-L68 >>>>> >>>>> If you are trying to build your own slave image, you need to point to >>>>> a repo (and optionally a contextdir within that repo) that contains an >>>>> appropriate Dockerfile, as the example does. >>>>> >>>>> >>>>> >>>>> On Mon, Aug 8, 2016 at 2:43 PM, Akshaya Khare <khare...@husky.neu.edu> >>>>> wrote: >>>>> >>>>>> Hi Ben, >>>>>> >>>>>> So after making changes to the imagestream, I wasn't able to get the >>>>>> build running initially. >>>>>> But that was because already there were failed builds and >>>>>> buildconfigs which were preventing the build to run successfully. >>>>>> >>>>>> Once I deleted the old failed builds, I was able to get the new build >>>>>> running, but it failed once I tried running my Jenkins job. >>>>>> I gave my github repository as the repository url for the build, and >>>>>> this is the log i get for the failed pod: >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >&
Re: Using a Jenkins Slave in openshift
Hi,
Thanks for the detailed explanation, and I did get far but got stuck again.
So I was able to build a slave Jenkins image and created a buildconfig.
After updating the Kubernetes plugin configurations, I was able to spawn a
new pod, but the pod fails with the error "ContainerCannotRun".
On seeing the logs of the pod, it shows:
*exec: "/var/lib/jenkins/run-jnlp-client": permission denied*
I tried giving admin privileges to my user, and also edit privileges to the
serviceaccount in my project:
*oc policy add-role-to-group edit system:serviceaccounts -n jenkinstin2*
How can I make sure that the pod runs without any permissions issues?
On Mon, Aug 8, 2016 at 3:55 PM, Ben Parees <bpar...@redhat.com> wrote:
> The sample defines a buildconfig which ultimately uses this directory as
> the context for a docker build:
> https://github.com/siamaksade/jenkins-s2i-example/tree/master/slave
>
> it does that by pointing the buildconfig to this repo:
> https://github.com/siamaksade/jenkins-s2i-example
>
> and the context directory named "slave" within that repo:
> https://github.com/siamaksade/jenkins-s2i-example/tree/master/slave
>
> which you can see defined here:
> https://github.com/siamaksade/jenkins-s2i-example/blob/
> master/jenkins-slave-builder-template.yaml#L36-L40
>
> https://github.com/siamaksade/jenkins-s2i-example/blob/
> master/jenkins-slave-builder-template.yaml#L61-L68
>
> If you are trying to build your own slave image, you need to point to a
> repo (and optionally a contextdir within that repo) that contains an
> appropriate Dockerfile, as the example does.
>
>
>
> On Mon, Aug 8, 2016 at 2:43 PM, Akshaya Khare <khare...@husky.neu.edu>
> wrote:
>
>> Hi Ben,
>>
>> So after making changes to the imagestream, I wasn't able to get the
>> build running initially.
>> But that was because already there were failed builds and buildconfigs
>> which were preventing the build to run successfully.
>>
>> Once I deleted the old failed builds, I was able to get the new build
>> running, but it failed once I tried running my Jenkins job.
>> I gave my github repository as the repository url for the build, and this
>> is the log i get for the failed pod:
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> *I0808 14:06:51.779594 1 source.go:96] git ls-remote
>> https://github.com/akshayakhare/ims/ <https://github.com/akshayakhare/ims/>
>> --headsI0808 14:06:51.779659 1 repository.go:275] Executing git
>> ls-remote https://github.com/akshayakhare/ims/
>> <https://github.com/akshayakhare/ims/> --headsI0808 14:07:06.989568 1
>> source.go:189] Cloning source from https://github.com/akshayakhare/ims/
>> <https://github.com/akshayakhare/ims/>I0808 14:07:06.989649 1
>> repository.go:275] Executing git clone --recursive
>> https://github.com/akshayakhare/ims/ <https://github.com/akshayakhare/ims/>
>> /tmp/docker-build543901321...I0808 14:07:35.174676 1
>> repository.go:300] Out: Merge pull request #28 from
>> chemistry-sourabh/LoggingI0808 14:07:35.174708 1 common.go:78]
>> Setting build revision to
>> {Commit:"79ed71a8470c973c6f6cad380657c2df93948345",
>> Author:api.SourceControlUser{Name:"Akshaya Khare",
>> Email:"akshayakh...@gmail.com <akshayakh...@gmail.com>"},
>> Committer:api.SourceControlUser{Name:"GitHub", Email:"nore...@github.com
>> <nore...@github.com>"}, Message:"Merge pull request #28 from
>> chemistry-sourabh/Logging"}F0808 14:07:35.200435 1 builder.go:185]
>> Error: build error: open /tmp/docker-build543901321/Dockerfile: no such
>> file or directory*
>> Do i need to create a docker file in my repository to run successfully?
>> You mentioned that the sample git given in the blog uses a "slave" sub
>> directory, will I have to create a similar structure in my repository?
>>
>> Looking at the sample Docker file given in the blog below, makes me
>> believe that it copies the workspace from the current image to its own
>> container and then runs it:
>> https://github.com/siamaksade/jenkins-s2i-example/blob/maste
>> r/slave/Dockerfile
>>
>> Is my understanding correct?
>>
>>
>> On Fri, Aug 5, 2016 at 4:39 PM, Ben Parees <bpar...@redhat.com> wrote:
>>
>>> You'll need to define the imagestream you've got the build pushing to,
>>> the sample does that here:
>>> https://github.com/siamaksade/jenkins-s2i-example/blob/maste
>>> r/jenkins-slave-builder-template.yaml#L12-L21
Re: Using a Jenkins Slave in openshift
I've attached the buildconfig, and the project name is "jenkinstin2"... On Fri, Aug 5, 2016 at 2:38 PM, Ben Parees <bpar...@redhat.com> wrote: > > > On Fri, Aug 5, 2016 at 2:28 PM, Akshaya Khare <khare...@husky.neu.edu> > wrote: > >> Hi, >> >> I have a project configured in jenkins container(thanks to Ben Parees for >> suggesting s2i, it works like a charm) running on openshiift which I need >> to test every time there is a pull request from github. >> >> And we are planning to run those test cases on a separate node, since the >> environment is ideal for testing. >> I was following this blog by Siamak Sadeghianfar which seems to do >> exactly the thing which I'm expecting it to do. >> >> https://blog.openshift.com/openshift-3-2-jenkins-s2i-slave-pods/ >> >> Now whenever I try creating the slave image from the UI, I get an error >> saying: >> >> >> >> >> *"build failed 44 hours ago - 29d91a3: added metadata to Dockerfile >> (Siamak Sadeghianfar <ssade...@redhat.com >> <ssade...@redhat.com>>)""bc/jenkins is pushing to >> imagestreamtag/jenkins:latest that is using is/jenkins, but that image >> stream does not exist"* >> > > can you share your buildconfig definition (json or yaml) and the name of > the project you've defined it in? > > > > >> >> I can see the docker image :->* :5000/jenkinstin2/jenkins *without >> any tags. >> >> What have I messed up here? >> >> And what should be the repository URL for this jenkins-slave-builder, I >> tried giving my github project url and also the sample >> jenkins-s2i-example.git url, both end up giving the same error. >> > > the repository the buildconfig references? depends what you want to > build, but it doesn't sound like that is your current issue. > > the example i think you're following uses this repository as the source > repo input for the slave image build: > > https://github.com/siamaksade/jenkins-s2i-example.git > > but it uses a context subdirectory of "slave". > > you can see the build config definition (and relevant parameters) here: > https://raw.githubusercontent.com/siamaksade/jenkins-s2i-example/master/jenkins-slave-builder-template.yaml > > > > > >> >> Also I got the master image running, but apparently the configuration >> *doesn't* have the one field it certainly needs to have... >> >> *Restrict where this project can be run* >> > > sorry, not sure what you're referring to here or where you expect this to > be configured? > > > > >> >> Is this a bug of some sort? >> -- >> *Thanks & Regards,* >> *AK* >> *312-785-3508 <312-785-3508>* >> >> ___ >> users mailing list >> users@lists.openshift.redhat.com >> http://lists.openshift.redhat.com/openshiftmm/listinfo/users >> >> > > > -- > Ben Parees | OpenShift > > -- *Thanks & Regards,* *Akshaya Khare* *312-785-3508* buildconfig.yaml Description: application/yaml ___ users mailing list users@lists.openshift.redhat.com http://lists.openshift.redhat.com/openshiftmm/listinfo/users
Re: Docker layering for jenkins image issue
ok, the changes are not present in the running container. And yes the pod is working on the latest image, which means my image is somehow not updated... So I guess I should create a new image using s2i and then try again? On Wed, Jul 27, 2016 at 1:26 PM, Ben Parees <bpar...@redhat.com> wrote: > > > On Wed, Jul 27, 2016 at 1:23 PM, Akshaya Khare <khare...@husky.neu.edu> > wrote: > >> sorry, that was an old command, I ran this command >> >> *oc new-app -e JENKINS_PASSWORD=password localhost:5000/jenkins-bmi3* >> > > ok, i'd certainly expect that to result in a pod running your new image. > Can you inspect the pod definition to confirm what image the container is > running? And can you oc rsh into the running container and poke around to > see if your changes are present? > > have you confirmed if you "docker run localhost:5000/jenkins-bmi3 /bin/sh" > that it contains your changes? > > Also i'm assuming you only have a single node and it's the same machine as > "localhost", otherwise it's not clear how the image is going to get pulled > to the node that's running the pod. > > > >> >> >> On Wed, Jul 27, 2016 at 1:20 PM, Ben Parees <bpar...@redhat.com> wrote: >> >>> >>> >>> On Wed, Jul 27, 2016 at 1:19 PM, Akshaya Khare <khare...@husky.neu.edu> >>> wrote: >>> >>>> Hi Ben, >>>> >>>> Using the below commands I pushed it to my local docker registry: >>>> >>>> >>>> >>>> *# docker tag jenkins_bmi3 localhost:5000/jenkins-bmi3:latest# docker >>>> push localhost:5000/jenkins-bmi3:latest*Then I created a new app >>>> using the below command, and a pod got deployed shortly after the app was >>>> created >>>> >>>> *# oc new-app -e JENKINS_PASSWORD= >>>> localhost:5000/jenkins-bmi2* >>>> >>> >>> you pushed it to bmi3 and deployed bmi-2? >>> >>> >>> >>>> >>>> >>>> Thats all I did... >>>> As per your advice, I'll try using s2i for extending an image, and >>>> thanks for replying so quickly... >>>> >>>> Regards, >>>> AK >>>> >>>> On Wed, Jul 27, 2016 at 12:37 PM, Ben Parees <bpar...@redhat.com> >>>> wrote: >>>> >>>>> >>>>> >>>>> On Wed, Jul 27, 2016 at 11:48 AM, Akshaya Khare < >>>>> khare...@husky.neu.edu> wrote: >>>>> >>>>>> Hi >>>>>> >>>>>> While going through the documentation for using *jenkins* image, I >>>>>> found that we can use the updated image of jenkins by: >>>>>> >>>>>>- >>>>>> >>>>>>Use Docker layering. >>>>>>- >>>>>> >>>>>>Use the image as a Source-To-Image builder >>>>>> >>>>>> Now i found docker layering to be ideal in my case since I have >>>>>> created a new project and made many configurations to make it work. >>>>>> >>>>>> I ran the below command for getting the new image >>>>>> >>>>>> *# docker commit -m "my message" * >>>>>> >>>>> >>>>> first of all i'd strongly discourage you from creating images in this >>>>> way since you don't have a recreatable pattern. you should definitely >>>>> create a dockerfile if you're going to extend an image (or use s2i). >>>>> >>>>> >>>>> >>>>>> I pushed it to my local registry and used it to create a new >>>>>> application in openshift. >>>>>> >>>>> >>>>> what did you tag it as an how did you create the new application? >>>>> >>>>> >>>>> >>>>>> It did get deployed, but the jenkins image doesn't contain any of my >>>>>> changes... >>>>>> >>>>> >>>>> how did you deploy the new image? >>>>> >>>>> >>>>>> comparing the history of both the original image and the modified >>>>>> image, it looks like it did add a new layer: >>>>>> >>>>>> >>>>>> >>>>>> *IMAGE CREATED CREATED >>
Re: Docker layering for jenkins image issue
Hi Ben, Using the below commands I pushed it to my local docker registry: *# docker tag jenkins_bmi3 localhost:5000/jenkins-bmi3:latest# docker push localhost:5000/jenkins-bmi3:latest*Then I created a new app using the below command, and a pod got deployed shortly after the app was created *# oc new-app -e JENKINS_PASSWORD= localhost:5000/jenkins-bmi2* Thats all I did... As per your advice, I'll try using s2i for extending an image, and thanks for replying so quickly... Regards, AK On Wed, Jul 27, 2016 at 12:37 PM, Ben Parees <bpar...@redhat.com> wrote: > > > On Wed, Jul 27, 2016 at 11:48 AM, Akshaya Khare <khare...@husky.neu.edu> > wrote: > >> Hi >> >> While going through the documentation for using *jenkins* image, I found >> that we can use the updated image of jenkins by: >> >>- >> >>Use Docker layering. >>- >> >>Use the image as a Source-To-Image builder >> >> Now i found docker layering to be ideal in my case since I have created a >> new project and made many configurations to make it work. >> >> I ran the below command for getting the new image >> >> *# docker commit -m "my message" * >> > > first of all i'd strongly discourage you from creating images in this way > since you don't have a recreatable pattern. you should definitely create a > dockerfile if you're going to extend an image (or use s2i). > > > >> I pushed it to my local registry and used it to create a new application >> in openshift. >> > > what did you tag it as an how did you create the new application? > > > >> It did get deployed, but the jenkins image doesn't contain any of my >> changes... >> > > how did you deploy the new image? > > >> comparing the history of both the original image and the modified image, >> it looks like it did add a new layer: >> >> >> >> *IMAGE CREATED CREATED >> BY SIZE >> COMMENTe99517b97a3e21 hours ago >> /usr/libexec/s2i/run 1.886 >> MBjenkins 3rd attemptc014669e27a011 days ago >> /bin/sh -c #(nop) LABEL io.openshift.builder- 0 B * >> >> So finally coming to my question, am I missing something while creating a >> new docker layer for my jenkins image? >> > > i'm guessing you just didn't actually deploy your new image, but we'll > need some more details about your steps to know for sure. > > > >> Or should i just use Source to image builder for my changes? >> >> >> Thanks & Regards, >> >> AK >> >> ___ >> users mailing list >> users@lists.openshift.redhat.com >> http://lists.openshift.redhat.com/openshiftmm/listinfo/users >> >> > > > -- > Ben Parees | OpenShift > > -- *Thanks & Regards,* *Akshaya Khare* *312-785-3508* ___ users mailing list users@lists.openshift.redhat.com http://lists.openshift.redhat.com/openshiftmm/listinfo/users
Docker layering for jenkins image issue
Hi While going through the documentation for using *jenkins* image, I found that we can use the updated image of jenkins by: - Use Docker layering. - Use the image as a Source-To-Image builder Now i found docker layering to be ideal in my case since I have created a new project and made many configurations to make it work. I ran the below command for getting the new image *# docker commit -m "my message" * I pushed it to my local registry and used it to create a new application in openshift. It did get deployed, but the jenkins image doesn't contain any of my changes... comparing the history of both the original image and the modified image, it looks like it did add a new layer: *IMAGE CREATED CREATED BY SIZE COMMENTe99517b97a3e21 hours ago /usr/libexec/s2i/run 1.886 MBjenkins 3rd attemptc014669e27a011 days ago /bin/sh -c #(nop) LABEL io.openshift.builder- 0 B * So finally coming to my question, am I missing something while creating a new docker layer for my jenkins image? Or should i just use Source to image builder for my changes? Thanks & Regards, AK ___ users mailing list users@lists.openshift.redhat.com http://lists.openshift.redhat.com/openshiftmm/listinfo/users
